Follow

How do I address the vulnerability to GHOST (CVE-2015-0235)

Problem:

How do I address the vulnerability to GHOST (CVE-2015-0235).  This applies to Liquidware Labs HUB VA, DB VA and Netstations

 

Symptoms: N/A

 

Possible Resolution(s):

 

(Recommend taking a snapshot of the appliance prior to applying the hotfixes)

 If your Hub has Internet access:

o Logon to Stratusphere Hub's console as root (https://liquidwarelabs.zendesk.com/entries/25053567-Cannot-logon-as... ) or SSH in (https://liquidwarelabs.zendesk.com/entries/24782618-How-do-I-Remote... )

 

Once at root prompt you can copy in following command (single line) 

rpm -Uvh http://download.liquidwarelabs.com/upgrades/5.7.1/CVE-2015-0235/glibc-2.5-123.el5_11.1.x86_64.rpm http://download.liquidwarelabs.com/upgrades/5.7.1/CVE-2015-0235/glibc-common-2.5-123.el5_11.1.x86_64.rpm http://download.liquidwarelabs.com/upgrades/5.7.1/CVE-2015-0235/nscd-2.5-123.el5_11.1.x86_64.rpm

 This should install all 3 RPMs.

 

o Enter 'reboot' to reboot the appliance

 

 If your Hub does not have Internet access:

 

o Manually download the following RPMs: 

http://download.liquidwarelabs.com/upgrades/5.7.1/CVE-2015-0235/glibc-2.5-123.el5_11.1.x86_64.rpm 
http://download.liquidwarelabs.com/upgrades/5.7.1/CVE-2015-0235/glibc-common-2.5-123.el5_11.1.x86_64.rpm
http://download.liquidwarelabs.com/upgrades/5.7.1/CVE-2015-0235/nscd-2.5-123.el5_11.1.x86_64.rpm


o Use WinSCP to connect to the appliance (https://liquidwarelabs.zendesk.com/entries/24733711-How-do-I-downlo... ).  Create a directory called "ghost_fix", and upload the RPMs to it.

 

o Logon to Stratusphere Hub's console as root (https://liquidwarelabs.zendesk.com/entries/25053567-Cannot-logon-as... ) or SSH in (https://liquidwarelabs.zendesk.com/entries/24782618-How-do-I-Remote... )

 

o On the console command line enter the following commands: rpm -Uvh /home/friend/ghost_fix/*.rpm

 

o Once done, run rm -rf /home/friend/ghost_fix/ to remove the RPMs.  Enter 'reboot' to reboot the appliance

 

Once complete and verified, delete any open snapshots.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.