Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

CVE-2015-0235 "GHOST" vulnerability with glibc gethostbyname.

This document (7016118) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)
SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)
SUSE Linux Enterprise Server 11 Service Pack 1 (SLES 11 SP1)
SUSE Linux Enterprise Server 11

Situation

Novell has been made aware of a vulnerability affecting the SUSE Linux Enterprise Server (SLES) operating system:

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function

The following Novell products are affected by this vulnerability because they either run on, or include the SUSE Linux operating system and have dependencies on glibc:

Novell Filr
Novell GroupWise
Novell iPrint Appliance
Novell Messenger
Novell Open Enterprise Server
Novell Service Desk
Novell Vibe
Novell ZENworks 

Resolution

Updates for products that have current support are available via SLES update channels.
See:
https://www.suse.com/support/kb/doc.php?id=7016113

Novell Filr
Patch is available via Novell Patch Finder under respective Filr versions:
Filr 1.1 - Security Update 3
Filr 1.0.1 - Security Update 5

Novell GroupWise
Apply SUSE patch. No need to patch GroupWise.

Novell iPrint Appliance 
iPrint Appliance 1.1 Security Update 3:  
https://download.novell.com/Download?buildid=RyrISxl25cI~  
iPrint Appliance 1.0.1 Security Update 4:  
https://download.novell.com/Download?buildid=G84Y8dbzWwU~  
Novell Messenger
Apply SUSE patch. No need to patch Messenger.

Novell Open Enterprise Server
OES 11SP2: Apply SUSE patch
OES 11SP1: Patch forthcoming

Novell Service Desk
Patch forthcoming

Novell Vibe
Apply SUSE patch. No need to patch Vibe.

Novell ZENworks Appliance 
See https://www.novell.com/support/kb/doc.php?id=7016147


Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7016118
  • Creation Date:29-JAN-15
  • Modified Date:09-FEB-15
    • NovellFilr
      GroupWise
      iPrint
      Messenger
      Open Enterprise Server
      Service Desk
      Vibe
      ZENworks Configuration Management

Did this document solve your problem? Provide Feedback