Educause Security Discussion mailing list archives

Re: GHOST GLIBC LIBRARY VULNERABILITY

From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
Date: Wed, 28 Jan 2015 16:28:46 +0000

We got the first word just before 5:00pm last night.  Given the significant nature, reportedly trivial exploitation, 
report of a metasploit module coming out quickly, and the simplicity of the fix, we decided to go ahead and stay late 
and update our public-facing servers with out-of-band reboots overnight.  No issues so far.  We’re doing test and 
development servers this morning (yeah, I know, we did prod first, but this seemed like an exceptional case) and 
planning to do our internal-only prod servers at the next maintenance window.

Kevin
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve 
Terry
Sent: Wednesday, January 28, 2015 9:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] GHOST GLIBC LIBRARY VULNERABILITY

Just a general FYI in seeing how others are dealing with this vulnerability?
http://app.engage.redhat.com/e/es.aspx?s=1795&e=525492&elq=c640ea55e6f54623a25c6251f7e7fb9a

Steve Terry
Director of Enterprise Applications
ITS
Denison University
Fellows Hall - 102B
Granville, OH 43023
740-587-8685 | www.denison.edu<http://www.denison.edu/>

Current thread:

GHOST GLIBC LIBRARY VULNERABILITY Steve Terry (Jan 28)
- Re: GHOST GLIBC LIBRARY VULNERABILITY Kevin Halgren (Jan 28)
- Re: GHOST GLIBC LIBRARY VULNERABILITY Andregg, Bryan Courtney (Jan 28)
  - Re: GHOST GLIBC LIBRARY VULNERABILITY Rich Graves (Jan 28)