Server: Red Hat Enterprise Linux Server release 5.9 (Tikanga)
I came to know that Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
Linux distributions employing glibc-2.18 and later are not affected. This vulnerability is similar to ShellShock and Heartbleed that we saw recently.
I see, the patch is available here: https://access.redhat.com/security/cve/CVE-2015-0235 (RedHat) or http://www.ubuntu.com/usn/usn-2485-1/ (Ubuntu).
I'm planning to patch our Linux systems (it would require a reboot) and wanted to check on a few items:
Has anybody tried to patch their systems to solve this vulnerability, and what's the impact of the patch across Linux platforms/applications running?
I don't think I will be fine if I just upgrade glibc binaries via yum upgrade.
Where can I find a step-by-step guide to fix this issue?
One can see more info about this here: https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
1) The patched version of glibc is for sure already running on thousands of machines. There shouldn't be any other noticeable impact than getting the vulnerability solved.
2) Yes, it is enough if you update glibc via yum and reboot afterwards.
3) You won't need a step-by-step guide, as updating is really straightforward. Just update glibc via a package manager such as yum and reboot.
In theory, it is also possible not to reboot by only restarting all the applications that are linked to glibc. But in practice, it is such a commonly used library that it is a lot easier to just reboot the whole machine.
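The two checks a practitioner would want after running the update, as an added example that is not part of the question or the answer above. It assumes an RPM-based host (RHEL/CentOS) where the fixed glibc build's package changelog mentions CVE-2015-0235, and it relies on the fact that after `yum update glibc` every process started before the update still has the old, now unlinked, libc mapped, which `/proc/PID/maps` shows with a `(deleted)` suffix. The function names, the `--report` flag and the `/proc` root argument are my own choices for this example.

```shell
#!/bin/sh
# Added example (not from the original question or answer): post-update checks for
# GHOST (CVE-2015-0235) on a RHEL/CentOS host.
#   1) Does the installed glibc package's changelog reference the CVE?
#   2) Which running processes still map the old (deleted) libc and need a restart,
#      or, more simply, a reboot?

# Check 1: the fixed glibc build carries the CVE in its rpm changelog.
# Returns 0 if the fix is installed, 1 otherwise (also 1 if rpm is not available).
glibc_fix_installed() {
    rpm -q --changelog glibc 2>/dev/null | grep -q 'CVE-2015-0235'
}

# Check 2: list PIDs whose memory map still contains a deleted libc.
# rpm unlinks the old libc-*.so when the new package is installed, so processes that
# were started before the update show it as "... libc-2.5.so (deleted)" in their maps.
# The proc root is a parameter so the function can be pointed at a constructed
# directory tree (used for testing); it defaults to the real /proc.
stale_libc_pids() {
    procroot="${1:-/proc}"
    for maps in "$procroot"/[0-9]*/maps; do
        [ -r "$maps" ] || continue            # glob did not match, or no permission
        if grep -q 'libc[-.].*(deleted)' "$maps" 2>/dev/null; then
            basename "$(dirname "$maps")"     # the PID is the directory name
        fi
    done
}

# Number of processes still using the old libc; 0 means nothing needs restarting.
stale_libc_count() {
    stale_libc_pids "$1" | wc -l | tr -d ' '
}

# Stand-alone use: ./ghost-check.sh --report
if [ "${1:-}" = "--report" ]; then
    if glibc_fix_installed; then
        echo "glibc changelog mentions CVE-2015-0235: fixed package is installed"
    else
        echo "glibc changelog does not mention CVE-2015-0235: update glibc first"
    fi
    echo "processes still mapping the old libc (restart these, or reboot):"
    stale_libc_pids | while read -r pid; do
        printf '  %s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
    done
fi
```

If the second list is long, which it will be on almost any server because sshd, cron, syslog and every daemon link against libc, the answer's advice applies: reboot rather than chase each process. On RHEL the `needs-restarting` tool from yum-utils gives a similar list by comparing process start times with package install times.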