Risk assessment: Moderate for unpatched Linux platforms.
Posted: February 11, 2015
A vulnerability has been discovered in specific versions of the glibc library: a heap overflow in the gethostbyname() and gethostbyname2() functions may allow an attacker to execute arbitrary code.
This is a vulnerability in specific versions of glibc; it is not a vulnerability in VanDyke Software products. However, since VanDyke Software products on supported Linux platforms (Red Hat, Ubuntu, SUSE) dynamically link to glibc, if glibc is unpatched on your system, you may be affected in circumstances where a call to gethostbyname() is made (see the Products Affected section below).
VanDyke Software products on all other platforms (Windows, Mac OS X, FreeBSD, AIX, Solaris, iOS) are not affected by this vulnerability in glibc.
Products NOT Affected
VanDyke Software products are potentially susceptible when running on unpatched Linux platforms (Red Hat, Ubuntu, SUSE) only where any of the following specific circumstances are present:
Patch the glibc library files installed on your system according to instructions available from your Linux distribution vendor or other online resources. For example:
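Because the products link to glibc dynamically, a process that was already running when the library was patched keeps the old copy mapped until it is restarted. The script below is an added example, not part of the original advisory or VanDyke Software's code: it lists processes whose `/proc/<pid>/maps` still shows a replaced (deleted) libc. The sample maps content, its paths and the process name `exampled` are constructed.

```python
"""List processes that still map a replaced (deleted) libc after a glibc update."""
import os
import re

# File name of the C library itself, e.g. libc.so.6 or libc-<version>.so
LIBC_NAME = re.compile(r"^libc[-.].*so(\.\d+)*$")

def stale_libc_paths(maps_text):
    """Return sorted libc paths that a maps listing marks as '(deleted)'."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no path
        path = fields[5].strip()
        if not path.endswith(" (deleted)"):
            continue  # file on disk is still the one that is mapped
        path = path[: -len(" (deleted)")]
        if LIBC_NAME.match(os.path.basename(path)):
            stale.add(path)
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale libc paths for every readable process."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_libc_paths(fh.read())
        except OSError:
            continue  # process exited or access denied
        if stale:
            results[int(entry)] = stale
    return results

# Constructed sample of /proc/<pid>/maps content (not from a real system).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 131 /usr/local/bin/exampled
7f10a0000000-7f10a01b0000 r-xp 00000000 08:01 2001 /lib64/libc.so.6 (deleted)
7f10a0600000-7f10a0620000 r-xp 00000000 08:01 2002 /lib64/ld-linux-x86-64.so.2
7f10a0800000-7f10a0801000 rw-p 00000000 00:00 0
"""

if __name__ == "__main__":
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

Run it as root after the update so that every process's maps file is readable; any process it lists needs a restart to pick up the patched library.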
February 11, 2015 – Security Advisory Published