The GHOST Vulnerability (and yes, this blog is still alive :))

After Heartbleed and Poodle in 2014, it's now time for the first major security vulnerability in Linux systems in 2015 : GHOST The GHOST vulnerability is a serious weakness in the Linux glibc library which allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue. You can read more about this issue here : https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability You can list all packages/applications depends upon vulnerable Glibc, by running the following command on your server : lsof | grep libc | awk '{print $1}' | sort | uniq As you can see, a lot of packages are using Glibc library on Linux. If you want to check your glibc version, you can run : ldd --version Now, to patch your Ubuntu/Debian server, ...