This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

Security Update for libc* and multiarch-support Packages: Ghost Fix

Follow

This release note documents the security fixes for:

This vulnerability affects the following Cumulus Linux branches:

  • CumulusLinux-2.5
  • CumulusLinux-2.2
  • CumulusLinux-2.1

To apply the security patches, run:

  1. Run apt-get update
  2. Run apt-get install libc-bin libc-dev-bin libc6 multiarch-support
  3. Reboot the switch.

Cumulus Networks recommends a complete switch reboot to activate all processes with new version of shared dynamic libraries.

If full reboot is not acceptable, you can identify Internet-facing daemons with:

lsof -i

Then restart those daemons that believed to be vulnerable.

The following new libraries will be installed with this security update:

dpkg -l libc-bin libc-dev-bin libc6 multiarch-support
 / Name Version Architecture Description
=======================================================================================================================================================================================
libc-bin 2.13-38+deb7u7 amd64 Embedded GNU C Library: Binaries
libc-dev-bin 2.13-38+deb7u7 amd64 Embedded GNU C Library: Development binaries
libc6:amd64 2.13-38+deb7u7 amd64 Embedded GNU C Library: Shared libraries
multiarch-support 2.13-38+deb7u7 amd64 Transitional package to ensure multiarch compatibility

For details on the Cumulus Networks policy regarding security vulnerabilities, see this article.

Comments

This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk