
Google experts reported yesterday that they have discovered a security flaw that potentially puts thousands of devices and apps at risk, including Linux servers. Known as the “Glibc bug”, it could allow hackers to insert code into a device’s memory, enabling hacking attacks, including remote access attacks on devices such as a computer.

Google engineers, in collaboration with security experts at Red Hat, were quick to release a “patch” to fix the problem, which affects servers running the Linux operating system. Windows and OS X are unaffected.

Shared Hosting customers – no need to do anything

While in theory this Glibc bug poses a threat, Google has reported that it would be very difficult for anybody to exploit the security flaw due to its complexity. However, the scale of the problem is difficult to determine.

The good news for Easyspace customers who own shared web hosting packages – such as Pick ‘n’ Mix, StarterPlus Hosting, WordPress Hosting, etc – is that all of our shared hosting servers have now been protected against this security threat. Our security specialists have already added a patch to fix this security bug, so you have no need to worry – we’ve got you covered.

 

Dedicated Server customers – you need to take action

If you’ve got a Dedicated Server with us, then it’s your responsibility to patch it yourself.

You should definitely update if you are on an older version. If you own a dedicated server with us, then you need to take steps to guard against the risk of an attack.

Known vulnerable systems are:

Red Hat Enterprise Linux 6 & CentOS 6: RHSA-2016:0175-1
Red Hat Enterprise Linux 7 & CentOS 7: RHSA-2016:0176-1
Debian Squeeze, Wheezy, Jessie & Stretch: CVE-2015-7547
Ubuntu 12.04 & 14.04 & 15.10 & 16.04: CVE-2015-7547

The command ldd --version can be used to check your glibc version, which can then be compared to the following tables to determine if you are vulnerable.

Distribution patch trackers:
Debian: https://security-tracker.debian.org/tracker/CVE-2015-7547
Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html
Red Hat: https://access.redhat.com/security/cve/cve-2015-7547 (https://isc.sans.edu/diary/CVE-2015-7547%3A+Critical+Vulnerability+in+glibc+getaddrinfo/20737)
SUSE: https://www.suse.com/security/cve/CVE-2015-7547.html

 

Details on how to patch this vulnerability are below:

Log in to your Linux server via SSH

If you are running CentOS, Red Hat or a derivative, run the following commands:

sudo yum update 'glibc*'
sudo shutdown -r now

If you are running Debian or a derivative, run the following commands:

sudo apt-get update
sudo apt-get upgrade 'glibc*'
sudo shutdown -r now

**Ubuntu 10.04 or 12.04 only**
sudo apt-get update
sudo apt-get upgrade libc6

 

Following the above steps will patch your dedicated server, thereby protecting it from the Glibc security vulnerability.
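A post-update check for the steps above, added here as an example and not part of Easyspace's own instructions. Distributions usually backport security fixes without changing the upstream version that ldd --version prints, so the script looks for CVE-2015-7547 in the installed package's changelog and lists processes that still map the replaced libc. It assumes the packager names the CVE in the changelog; the function names and the sample_maps records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Easyspace's script): verify the CVE-2015-7547 patch.
CVE="CVE-2015-7547"

# True if the package changelog text on stdin names the CVE. Assumption: the
# distribution's packager records the CVE id in the glibc/libc6 changelog.
changelog_has_fix() {
    grep -q -- "$CVE"
}

# Input: "<pid> <line from /proc/<pid>/maps>" records. Output: PIDs that still
# map a libc file replaced on disk, which the kernel marks "(deleted)".
stale_libc_pids() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/libc(-[0-9.]+)?\\.so[.0-9]*$" { print $1 }' | sort -un
}

# Constructed sample records: PIDs 812 and 1440 still run the old library.
sample_maps() {
    cat <<'EOF'
812 7f3a1c000000-7f3a1c1bb000 r-xp 00000000 08:01 131 /lib64/libc-2.17.so (deleted)
812 7f3a1c3c4000-7f3a1c3c6000 rw-p 001c4000 08:01 131 /lib64/libc-2.17.so (deleted)
977 7f90d2000000-7f90d21bb000 r-xp 00000000 08:01 977 /lib64/libc-2.17.so
1440 7f11aa000000-7f11aa1a0000 r-xp 00000000 08:01 140 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
1502 7f55e0000000-7f55e0010000 r-xp 00000000 08:01 150 /tmp/libcache.so (deleted)
EOF
}

# Live check: run as root with the argument "check" after the update.
if [ "${1:-}" = "check" ]; then
    if command -v rpm >/dev/null 2>&1 && rpm -q glibc >/dev/null 2>&1; then
        log=$(rpm -q --changelog glibc)
    else
        log=$(zcat /usr/share/doc/libc6/changelog.Debian.gz 2>/dev/null)
    fi
    if printf '%s\n' "$log" | changelog_has_fix; then
        echo "installed glibc changelog lists $CVE"
    else
        echo "installed glibc changelog does not list $CVE"
    fi
    echo "PIDs still running the old libc (empty means none):"
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        sed "s/^/$pid /" "$m" 2>/dev/null
    done | stale_libc_pids
fi
```

Save it to a file and run it as root with the argument check, for example sh glibc-check.sh check. Any PID it prints belongs to a process that has to be restarted before it uses the patched library, which the reboot in the steps above takes care of.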

If you require more information on the patch itself – further information is available here.

If you are a dedicated server customer and have any questions regarding this, then please feel free to contact us on 03700 502 523 – or raise a ticket via your Easyspace Control Panel.

Lastly, please keep in mind that you can monitor the latest Easyspace updates on our System Status page at: http://status.easyspace.com/easyspace/