    Security Advisory- “Ghost” - Security Vulnerability – Updated January 28, 2015 Overview

    Subject: “Ghost” - Security Vulnerability – Updated January 28, 2015 Overview

    Ex Libris has been made aware of a recently discovered vulnerability called “Ghost”.

    All Unix/Linux systems that use glibc (the GNU C Library) are vulnerable to the Ghost vulnerability. GHOST is a buffer overflow bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker to execute arbitrary code with the permissions of the user running the application. The vulnerability is covered by Red Hat's advisory for CVE-2015-0235, where more information is available.
    Major Linux vendors have released patches that fix this vulnerability in affected versions.

    No impact to customer data.

    Effective Security Severity level:

    Critical  

    Affected Systems:

    All Ex Libris systems and products running on Linux.

    Tests and Certifications:

    Ex Libris has evaluated Ex Libris products for potential vulnerability and performed certification testing with the available patches for all Ex Libris systems and products running on Linux. It was determined that the available patches can be safely deployed with no impact to Ex Libris systems and products.

    Actions Taken for Hosted Systems:

    Ex Libris is in the process of patching all of the systems running in the Ex Libris cloud and expects to finish this task shortly.

    Required Actions for on-Premise/Local Systems:

    Ex Libris strongly recommends following the vendor's instructions and installing the patch on all on-premise (local) Ex Libris products using Linux systems.

    Procedure for Linux Systems:

    1. Determine your vulnerability to “Ghost”. Check your version of glibc. Versions of glibc earlier than those listed below are vulnerable:

    • RH6 glibc-2.12-1.149
    • RH5 glibc-2.5-123
    For more information, see: https://access.redhat.com/security/cve/CVE-2015-0235.

    2. Mitigate the vulnerability. If your system is vulnerable, upgrade to the most recent version of glibc. Run the command yum -y update glibc-* and install the latest glibc version.
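
The version check in step 1, as an added example that is not part of the original advisory and is not Ex Libris or Red Hat code: a POSIX shell comparison of a glibc version-release string against the two fixed builds listed above. The function names, the el5/el6 dist-tag detection and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Ex Libris or Red Hat code): decide whether a glibc
# version-release string is older than the fixed builds listed in the advisory.
FIXED_RH5="2.5-123"      # from the advisory
FIXED_RH6="2.12-1.149"   # from the advisory

# ver_lt A B: succeed if A is older than B. Fields are split on '.' and '-' and
# compared as integers, so 2.5 < 2.12 (a plain string compare gets this wrong).
# A non-numeric field such as the "el6_6" dist tag ends the comparison.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%[-.]*}; fb=${b%%[-.]*}
        case $a in *[-.]*) a=${a#*[-.]} ;; *) a= ;; esac
        case $b in *[-.]*) b=${b#*[-.]} ;; *) b= ;; esac
        case $fa in ''|*[!0-9]*) fa=0; a= ;; esac
        case $fb in ''|*[!0-9]*) fb=0; b= ;; esac
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1
}

# glibc_status MAJOR VERSION-RELEASE: print vulnerable, patched or unknown.
glibc_status() {
    case $1 in
        5) fixed=$FIXED_RH5 ;;
        6) fixed=$FIXED_RH6 ;;
        *) echo unknown; return 0 ;;
    esac
    if ver_lt "$2" "$fixed"; then echo vulnerable; else echo patched; fi
}

# check_host: run on the RHEL 5/6 server itself. Assumes the release string
# carries the usual el5/el6 dist tag; multilib hosts report one line per arch.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found"; return 2; }
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc | while read -r vr; do
        case $vr in *.el5*) m=5 ;; *.el6*) m=6 ;; *) m=other ;; esac
        echo "glibc-$vr: $(glibc_status "$m" "$vr")"
    done
}

# Constructed sample values (not from a real host) so the block runs offline.
for s in "6 2.12-1.132.el6" "6 2.12-1.149.el6_6.5" "5 2.5-118.el5_10.2"; do
    echo "RHEL${s%% *} glibc-${s#* }: $(glibc_status "${s%% *}" "${s#* }")"
done
```

On the server, source the script and call check_host before and after the update. The comparison is written in plain sh because sort -V is not available in the coreutils shipped with RHEL 5.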

     

    Rollback Changes:

     

    To roll back the changes in case of a problem, run the command yum downgrade glibc-* to revert to your original glibc version.
