Cloud security company Qualys announced Tuesday the issues prevalent in glibc since version 2.2 introduced in 2000-11-10 (the complete Qualys announcement may be viewed here). The vulnerability, CVE-2015-0235, has been dubbed “GHOST.”As the announcement from Qualys indicates, it is believed that MySQL and by extension Percona Server are not affected by this issue.Percona is in the process of conducting our own review into the issue related to the Percona Server source code – more information will be released as soon as it is available.In the interim the current advisory is to update your glibc packages for your distributions if they are in fact vulnerable. The C code from the Qualys announcement may aid in your diagnostics, section 4 of this document or via this gist. I also wrote a very quick python script to help identify processes which may be running libc that you can access here.Compiling the above and executing it will yield an output indicating if your glibc version is believed to be vulnerable or not vulnerable.Distribution Resource Resource LinksRedHat BZ: http://ift.tt/1wEnSpI EL5 Errata: http://ift.tt/1tydIMy EL6 / 7 Errata: http://ift.tt/1wEnQ17 USN: http://ift.tt/1uYKgQN (affects 10.04 12.04)Debian security tracker: http://ift.tt/1tydFQS which use musl-libc (http://ift.tt/1eg8F4J) are not affected by this issue.AcknowledgementsQualysRobert Barabas – Percona Raghavendra Prabhu – Percona Laura Byrnes – PerconaThe post GHOST vulnerability (CVE-2015-0235) Percona response appeared first on MySQL Performance Blog.
from Planet MySQL http://ift.tt/1du18ol
Nenhum comentário:
Postar um comentário
Leave your comment here!