Tuesday, January 27, 2015

NOTICE: Patch your Linux Servers

As you may have read in the media recently, a new zero-day security vulnerability for a common component in the Linux operating system has been released into the wild. This vulnerability allows attackers to remotely access some vulnerable Linux-based systems without the use of compromised passwords or other user credentials. Once in the system, attackers could leverage other vulnerabilities to escalate privileges until they gain root access. A good article that describes the vulnerability can be found here:

http://www.zdnet.com/article/critical-linux-security-hole-found/

We recommend that you immediately patch your operating system with the appropriate latest version. At the time of sending this e-mail (approximately at 7pm Central time on Tuesday, Jan. 27), the following Linux distributions have issued patches:

· Red Hat
· Debian
· Ubuntu

Other popular distributions, such as CentOS, have indicated publicly that patches are in the works.

Since the vulnerable library is very common and is used by a wide range of server-side software, applying the patch is not without risk of collateral damage or side effects. In other words, there is some risk that patching your system might impact the performance of other applications on your server that also use the same library.

Nonetheless, taking into account the severity of the security hole, we are advising our clients to apply the patch immediately upon it becoming available to them. The risk of not patching outweighs the potential risk from side effects.

We strongly recommend that you patch your servers immediately with the appropriate patch.

Depending on your distribution, you may execute the corresponding command on your server to patch:

CentOS/Red Hat Linux: yum -y update glibc
Ubuntu/Debian Linux: apt-get update && apt-get install --only-upgrade libc6

Please note that patching your system WILL require a restart after you execute the above commands.
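
The restart matters because a process started before the update keeps the old copy of the library mapped in memory until it exits. The script below is an added example, not part of the original notice: it lists processes still running against the replaced library by looking for a libc mapping marked "(deleted)" in /proc/<pid>/maps. The function names and the optional proc-root argument are assumptions made for illustration; run it as root to see every process.

```shell
#!/bin/sh
# Added example: find processes still using the pre-patch glibc.
# When the package update replaces the libc file on disk, the kernel marks
# the old mapping in /proc/<pid>/maps with a trailing "(deleted)", e.g.
# (constructed sample line):
#   7f1c2a000000-7f1c2a1bb000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)

# Return 0 if the given maps file contains a deleted libc mapping.
# Matches libc-<version>.so and libc.so.6, but not libcrypto, libcap, etc.
uses_stale_libc() {
    grep -Eq '/libc(-[0-9.]+)?\.so[^/]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "pid command" for each process under the given proc root
# (default /proc) that still maps the replaced libc.
list_stale_processes() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes we cannot read or that exited in the meantime.
        [ -r "$maps" ] || continue
        uses_stale_libc "$maps" || continue
        dir=${maps%/maps}
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s %s\n' "${dir##*/}" "$name"
    done
}

# Scan the live system. No output means nothing still maps the old library.
list_stale_processes "${PROC_ROOT:-/proc}"
```

Any process listed after the update is still executing the unpatched code; a full restart, as advised above, clears all of them at once.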
