cancel
Showing results for 
Search instead for 
Did you mean: 
otruniger
Level 10

CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

Dear McAfee people,

may you please keep us updated about patch status for the new GHOST vulerability CVE-2015-0235

Regards

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

Updates will be posted here when they are available (more specific link):

https://kc.mcafee.com/corporate/index?page=content&id=SB10100

Best Regards,

Jon

0 Kudos
7 Replies
McAfee Employee

Re: CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

As always and as usual, we will not be discussing product security questions in this form but will inform customer in a security bulletin.

Once available the bulletin will be listed here: https://support.mcafee.com/ServicePortal/faces/knowledgecenter?_adf.ctrl-state=fcqf8dkjz_4&_afrLoop=...

thanks,

Michael

0 Kudos
McAfee Employee

Re: CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

Updates will be posted here when they are available (more specific link):

https://kc.mcafee.com/corporate/index?page=content&id=SB10100

Best Regards,

Jon

0 Kudos
McAfee Employee

Re: CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

Updated information is available: https://kc.mcafee.com/corporate/index?page=content&id=SB10100.

Thanks,

Michael

0 Kudos
trishoar
Level 11

Re: CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

Whilest setting up some new hardware I noticed 7.5.1 was out, and this appears to be patched.

rpm -q --changelog glibc|head

* Wed Jan 28 2015 Ralf Horstmann

- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235)

* Tue Aug 26 2014 Siddhesh Poyarekar- 2.12-1.149

- Remove gconv transliteration loadable modules support (CVE-2014-5119,

  - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,

* Wed Jul 30 2014 Siddhesh Poyarekar - 2.12-1.148

- Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025).

Tris

0 Kudos
exbrit
Level 21

Re: CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

trishoar wrote:



Whilest setting up some new hardware I noticed 7.5.1 was out, and this appears to be patched.



rpm -q --changelog glibc|head


* Wed Jan 28 2015 Ralf Horstmann


- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235)



* Tue Aug 26 2014 Siddhesh Poyarekar- 2.12-1.149


- Remove gconv transliteration loadable modules support (CVE-2014-5119,


  - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,



* Wed Jul 30 2014 Siddhesh Poyarekar - 2.12-1.148


- Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025).



Tris



Please never post email addresses, thank you.

Peter

Moderator

0 Kudos
McAfee Employee

Re: CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

, you are correct, this is indeed patched in 7.5.1 and 7.4.2.7 (released today):

Web Gateway 7.5.1 Release Notes - https://kc.mcafee.com/corporate/index?page=content&id=PD25710

Web Gateway 7.4.2.7 build 18936 Release Notes - https://kc.mcafee.com/corporate/index?page=content&id=PD25711

I marked your post for review because I didnt want poor Ralf to get spammed.

Best Regards,

Jon

0 Kudos
McAfee Employee

Re: CVE-2015-0235 (aka GHOST Vulnerability)

Jump to solution

Additional information has also been posted here:

McAfee KnowledgeBase - Web Gateway response to CVE-2015-0235 (GHOST vulnerability)

Best Regards,

Jon

0 Kudos