The GHOST Vulnerability (and yes, this blog is still alive :))

After Heartbleed and Poodle in 2014, it's now time for the first major security vulnerability in Linux systems in 2015 : GHOST

The GHOST vulnerability is a serious weakness in the Linux glibc library which allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue.

You can read more about this issue here : https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

You can list all packages/applications depends upon vulnerable Glibc, by running the following command on your server :

lsof | grep libc | awk '{print $1}' | sort | uniq

As you can see, a lot of packages are using Glibc library on Linux.

If you want to check your glibc version, you can run :

ldd --version

Now, to patch your Ubuntu/Debian server, here is what you need to do :

apt-get clean
apt-get update
apt-get dist-upgrade
reboot