Al momento in Italia nessuno ne parla, io ho patchato ieri sera sia il mio PC che la mia VPS, in Germania ne parlano tutti, in Francia anche, in America non ti dico nemmeno e puntualmente in italia nessuno sā niente.
Quote:
Today, a critical security vulnerability affecting many versions of #Linux was released.
As this can possibly lead to remote code execution, our advisory is to patch your system -NOW- and not later today,
if you should find that the version of Linux you are using is vulnerable.
The vulnerability is called #GHOST and was found by #Qualys security labs.
It affects the function "gethostbyname" which is used by many programs to fetch the IP of a hostname.
To our knowledge, at least the following Linux distributions are affected (PLEASE CHECK YOUR OS EVEN IF NOT LISTED):
Ubuntu 10.04/12.04
Debian 7
CentOS 6 and 7 (potentially 5 as well)
SLES 11
If you are unsure:
You can find a script which will check your system at http://i.yt.gl/get/44ecc/pseet.zip
unzip the package,
then chmod +x GHOST-vuln-check.sh
now simply ./GHOST-vuln-check.sh
and you should get information if your system is vulnerable.
(We take no warranty that this script works for you, we are not liable for damage.)
Please note:
You WILL NEED to restart your system.
We know that this is unusual on Linux, but the respective function is used within core components. Therefor, to ensure that your server is not at any risk, please restart your server after installing the patch.
|
Fate semplicemente un test prima
Codice:
root@cosmo:~# unzip pseet.zip
Archive: pseet.zip
inflating: GHOST-vuln-check.sh
root@cosmo:~# chmod +x GHOST-vuln-check.sh
root@cosmo:~# ./GHOST-vuln-check.sh
Building GHOST.
This system is...
vulnerable
andate di aggiornamenti (su debian apt-get update & upgrade)
reboot
Codice:
root@cosmo:~# ./GHOST-vuln-check.sh
Building GHOST.
This system is...
not vulnerable
Tutte le info qui
https://community.qualys.com/blogs/l...-vulnerability