Security Update for libc* and multiarch-support Packages: Ghost Fix


This release note documents the security fixes for:

This vulnerability affects the following Cumulus Linux branches:

  • CumulusLinux-2.5
  • CumulusLinux-2.2
  • CumulusLinux-2.1

To apply the security patches, run:

  1. Run apt-get update
  2. Run apt-get install libc-bin libc-dev-bin libc6 multiarch-support
  3. Reboot the switch.

Cumulus Networks recommends a complete switch reboot to activate all processes with new version of shared dynamic libraries.

If full reboot is not acceptable, you can identify Internet-facing daemons with:

lsof -i

Then restart those daemons that believed to be vulnerable.

The following new libraries will be installed with this security update:

dpkg -l libc-bin libc-dev-bin libc6 multiarch-support
 / Name Version Architecture Description
libc-bin 2.13-38+deb7u7 amd64 Embedded GNU C Library: Binaries
libc-dev-bin 2.13-38+deb7u7 amd64 Embedded GNU C Library: Development binaries
libc6:amd64 2.13-38+deb7u7 amd64 Embedded GNU C Library: Shared libraries
multiarch-support 2.13-38+deb7u7 amd64 Transitional package to ensure multiarch compatibility

For details on the Cumulus Networks policy regarding security vulnerabilities, see this article.

Have more questions? Submit a request


Powered by Zendesk