“GHOST” Linux Vulnerability

ITS Security would like to alert the campus community of a recently announced Critical vulnerability that affects a number of Linux operating systems.  Dubbed the “GHOST” vulnerability, a flaw in the glibc library present in many Linux operating systems could allow a remote attacker to compromise an affected system through a buffer overflow against the gethostbyname() function.  Individuals responsible for Linux workstations or servers are strongly recommended to patch and reboot to protect against this vulnerability as soon as possible.  Please refer to your distribution’s support pages for further information and impacted releases, or departments may contact their area’s LSP.

https://access.redhat.com/articles/1332213

http://www.ubuntu.com/usn/usn-2485-1/

https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

Thank you,

Ellen

 

ITS Security Training

ITS is offering a training session on Wednesday, January 28, 2015 from 11:00 a.m. – 12:00 p.m.  We encourage faculty and staff, especially those with administrative roles, to attend this training session.

Registration for the Information Security session is via our Learning Curve website at https://bf.memphis.edu/training/index.php

Steps to register:

  • Visit the site and click “ Manage your training”
  • Login with your user name and password
  • Under Registration on left menu, click “class schedule/registration”
  • Select “View All” in the category dropdown box
  • Scroll down to the Information Security session and click “Register”

Please report problems registering to the Service Desk at extension 8888.

Regards,

Ellen