January isn’t over yet, but the first major security threat of the year has already reared its head. Just a few days ago, researchers at cloud security company Qualys discovered GHOST, a big vulnerability in the Linux GNU C Library (glibc), which is a core part of the Linux operating system. Without glibc, a Linux system will not work.
But what can this GHOST vulnerability do that makes it such a threat? When exploited, GHOST lets hackers take remote control of a system without needing user IDs or passwords, bypassing all existing protections. Any compromised system is open to a complete takeover.
The best way to mitigate this very real risk is to apply the necessary patch from your Linux provider. We’re happy to let you know that we did so for all of Convene’s servers across different regions and all back-end Linux servers as soon as CentOS released the patch. The specific package name and version used is: glibc-2.12-1.149.
We assure you that you don’t have to worry about your data being accessed by hackers from the outside because of this vulnerability. However, please take note that servers need to be restarted for the patch to take effect, so if you encountered downtime (approximately five minutes maximum), we apologise for the inconvenience.
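The restart matters because a process that was already running keeps the old copy of the library mapped in memory after the package is updated. As an added example (not part of the original notice or of Convene's tooling), the script below lists processes that still map a replaced libc; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: after glibc is updated, find processes that still run on
# the old, replaced libc and therefore still need a restart.

# Succeeds if maps-format text on stdin (as in /proc/<pid>/maps) contains a
# libc mapping whose backing file was replaced on disk, shown as "(deleted)".
stale_libc_in_maps() {
    awk '$6 ~ "/libc[-.]" && $NF == "(deleted)" { found = 1 }
         END { exit(found ? 0 : 1) }'
}

# Prints "<pid> <command line>" for each process under the given proc root
# (default /proc) that still maps a replaced libc. Run as root to see all
# processes; unreadable entries are skipped.
list_stale_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_libc_in_maps 2>/dev/null < "$maps"; then
            pid_dir="${maps%/maps}"
            # cmdline is NUL-separated; turn the separators into spaces
            cmd=$(cat "$pid_dir/cmdline" 2>/dev/null | tr '\0' ' ')
            printf '%s %s\n' "${pid_dir##*/}" "$cmd"
        fi
    done
}

# Constructed sample lines in /proc/<pid>/maps format (not real output).
SAMPLE_STALE='7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 131 /lib64/libc-2.12.so (deleted)'
SAMPLE_FRESH='7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 977 /lib64/libc-2.12.so'

# Scan the live system only when asked to: sh check_stale_libc.sh --scan
if [ "${1:-}" = "--scan" ]; then
    list_stale_pids /proc
fi
```

An empty result from the scan after the restart means no running process is still using the pre-patch library.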
Should you want to learn more about GHOST, you can check out this blog entry from Qualys.