Overview

As you may already be aware, GHOST (CVE-2015-0235) is a 'buffer overflow' bug affect the gethostbyname() and gethostbyname2() function calls in the glibc library. RightScale has already addressed our publicly available images and environments. Customers can address the issue on their environment using the RightScript we have published in the MultiCloud Marketplace that will test, and patch the GHOST vulnerability:

CVE-2015-0235 Ghost Vulnerability Update RightScript

http://www.rightscale.com/library/ri.../lineage/52575

To use this RightScript, you will need to import it to your RightScale account, and then run as an Any Script at the instance or deployment level to patch your systems. The RightScript tests for vulnerability, if found, it bypasses frozen repos, updates glibc, and restores the original frozen repos. After the patch is complete, you may need to restart other services that rely on glibc in order for the patch go into effect.

Official CVE: http://web.nvd.nist.gov/view/vuln/de...=CVE-2015-0235