Risk assessment: Moderate for unpatched Linux platforms.
Posted: February 11, 2015
Description
A vulnerability has been discovered in specific versions of the glibc library: a heap overflow reachable through the gethostbyname() and gethostbyname2() functions may allow an attacker to execute arbitrary code.
This is a vulnerability in specific versions of glibc; it is not a vulnerability in VanDyke Software products. However, VanDyke Software products on supported Linux platforms (Red Hat, Ubuntu, SUSE) dynamically link to glibc, so if glibc is unpatched on your system, you may be affected in circumstances where a call to gethostbyname() is made (see the Products Affected section below).
VanDyke Software products on all other platforms (Windows, Mac OS X, FreeBSD, AIX, Solaris, iOS) are not affected by this vulnerability in glibc.
Products NOT Affected
Products Affected
VanDyke Software products are potentially susceptible when running on unpatched Linux platforms (Red Hat, Ubuntu, SUSE) only where any of the following specific circumstances are present:
Recommended Solution
Patch the glibc library files installed on your system according to instructions available from your Linux distribution vendor or other online resources. For example:
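Once the patched glibc is installed, processes that were started earlier keep the old library mapped until they are restarted. The script below is an added example, not part of VanDyke Software's advisory: it lists processes whose /proc/<pid>/maps still shows a glibc image marked "(deleted)". The function names and the path pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example: find processes still running on a glibc image that has
# been replaced on disk. When a mapped file is replaced, the kernel
# appends " (deleted)" to its path in /proc/<pid>/maps, for instance
# (constructed line):
#   7f1c2a000000-7f1c2a1b0000 r-xp 00000000 08:01 1234  /lib64/libc-2.19.so (deleted)

# maps_has_stale_libc FILE
# Returns 0 if FILE (maps format) contains a deleted libc mapping.
# The pattern accepts libc-<version>.so and libc.so.<n>, plus any suffix
# a package manager may leave on the old name, and does not match
# unrelated libraries such as libc-client.so.
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# list_stale_pids [PROC_ROOT]
# Prints "<pid><TAB><command name>" for every process under PROC_ROOT
# (default /proc) that still maps the old library. Processes whose maps
# file cannot be read (other users' processes when not root) are skipped.
list_stale_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_libc "$maps"; then
            pid=${maps%/maps}
            pid=${pid##*/}
            name=$(cat "$root/$pid/comm" 2>/dev/null || echo '?')
            printf '%s\t%s\n' "$pid" "$name"
        fi
    done
}

# Scan the live system when run directly.
list_stale_pids "$@"
```

Run it as root to see every process. Anything it lists needs a restart (or the host a reboot) before the patched library is actually in use.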
Official Postings
Revision History
February 11, 2015 – Security Advisory Published