Many Linux systems are potentially vulnerable due to a bug in the gethostbyname() function of the glibc library, which was discovered by Qualys and became known yesterday. In the worst case, exploiting this bug allows remote code execution. Whether a particular program is vulnerable, however, depends on many factors, such as the glibc version a given Linux distribution uses and other conditions that must also be fulfilled for the bug to be exploitable. This vulnerability must be taken seriously and is considered “critical”.
Yesterday, shortly after the vulnerability became known, we therefore applied the relevant patches to our systems. We restarted potentially affected services and, in some cases, whole servers. In most cases Perfect Privacy users should not have been disturbed by this, and ideally will not even have noticed it.
We recommend that all users of Linux systems and Linux-based appliances check whether patches exist for their systems and apply them swiftly. After patches have been applied, affected programs have to be restarted so that they use the new version of the library. The easiest way to ensure this is simply to restart the whole system.
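Where a full reboot is not practical, the following added example (not part of the original announcement) lists processes that still map the pre-patch copy of glibc and therefore still need a restart. It assumes the package manager replaced the library by unlinking the old file, so the kernel marks the old mapping "(deleted)" in /proc/<pid>/maps; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find processes still running on a pre-upgrade copy of glibc.
# Assumption: the upgrade unlinked the old libc file, so mappings of it are
# shown with a trailing " (deleted)" in /proc/<pid>/maps.

# Print the stale libc paths found in one maps file (unique, one per line).
stale_libc_paths() {
    # Last field is the "(deleted)" marker, the one before it is the path.
    # Match libc-2.19.so or libc.so.6 style names only (not libcurl, libcap).
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/libc(-[0-9.]+\.so|\.so\.[0-9]+)$/ {
             print $(NF-1) }' "$1" 2>/dev/null | sort -u
}

# Scan every process under a proc root (default /proc).
# Output: "<pid> <command name> <stale libc path>" per affected process.
scan_stale_libc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process exited or not readable
        dir=${maps%/maps}
        pid=${dir##*/}
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        stale_libc_paths "$maps" | while read -r path; do
            printf '%s %s %s\n' "$pid" "$name" "$path"
        done
    done
}

# Run as root with --scan to inspect all processes on the live system.
if [ "${1:-}" = "--scan" ]; then
    scan_stale_libc /proc
fi
```

An empty result after patching means no running process is still using the old library file; any process that is listed has to be restarted.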
Further information:
I ain’t afraid of no GHOST
Qualys Security Advisory CVE-2015-0235
Kind regards,
Your Perfect Privacy Team