SWAMP Security Notification: GHOST Vulnerability Patch
Dear SWAMP Users,
As you may be already aware, a major vulnerability called Ghost was released on January 27th, 2015 that affects most Linux systems.
The SWAMP infrastructure team has already patched all systems in the SWAMP to mitigate this vulnerability. If you have any questions or comments, please don’t hesitate to contact the security team directly at security@continuousassurance.org.
The vulnerability, called GHOST and identified by CVE-2015-0235 affects software that uses the gethostbyname system call under versions of GNU glibc between 2.2 and 2.17. This vulnerability would allow an attacker to locally or remotely execute code without any system credentials.
More information about this vulnerability CVE-2015-0235 is available at: http://www.openwall.com/lists/oss-security/2015/01/27/9.
Thank you for your time,
SWAMP Security Team