On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced.
Affected Products
Cisco is currently investigating its product line to determine which products may be affected and the extent of the impact of the vulnerability on its products. Additional Cisco products will be added as the investigation progresses.
-Cisco Videoscape Distribution Suite Transparent Caching
Workarounds
There are currently no network-based mitigations for this vulnerability or any mitigations that can be performed directly on affected systems.
Cisco has published an Event Response for this vulnerability: http://www.cisco.com/web/about/security/intelligence/ERP_GHOST_29-Jan-2015.html
It seems that this vulnerability affects all Linux systems (Red Hat, CentOS, Ubuntu and so on) that have glibc 2.18 or a prior version.
We have checked all MGMT and CEs and confirmed that all servers are running glibc version 2.9, as follows.
You can use the following command on VDS-TC to check the glibc version.
root@mg-1:/home/padmin> getconf -a | grep libc
--------
this is mg-1
GNU_LIBC_VERSION glibc 2.9
this is ce-1
GNU_LIBC_VERSION glibc 2.9
this is ce-2
GNU_LIBC_VERSION glibc 2.9
this is ce-3
GNU_LIBC_VERSION glibc 2.9
Please refer to the following url for details.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost?vs_f=Ci...
This issue has already been escalated to BU and PA, and we are waiting for the reply.
Here is the latest update from PA.
PA has agreed with the VDS-TC management team that a fix for this vulnerability will be available in release 6.0, which is planned to be released in Q3/2015.
In release 6.0, the product will run on the CentOS platform (instead of openSUSE as today), and the glibc library in use will have a fix for the glibc GHOST issue.
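The getconf check shown earlier, as an added example (not part of the original post and not Cisco tooling): a shell function that reads collected output in the "this is HOST" / GNU_LIBC_VERSION format and compares each version numerically against a ceiling, since a plain string comparison would rank 2.9 above 2.18. The 2.18 ceiling is the figure stated in this post; the host lab-1, the function names and the status labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage collected "getconf -a | grep libc" output per host.

# triage_glibc CEILING < inventory
# Prints "HOST VERSION STATUS" for every host, where STATUS is
#   at-or-below  version <= CEILING (needs follow-up)
#   above        version >  CEILING
#   unparsed     version string is not dotted-numeric
triage_glibc() {
    awk -v max="$1" '
        # Compare dotted versions component by component as integers,
        # so that 2.9 sorts below 2.18 (a string compare gets this wrong).
        function le(a, b,    x, y, n, m, i) {
            n = split(a, x, "."); m = split(b, y, ".")
            for (i = 1; i <= (n > m ? n : m); i++) {
                if ((x[i] + 0) < (y[i] + 0)) return 1
                if ((x[i] + 0) > (y[i] + 0)) return 0
            }
            return 1    # equal versions count as at-or-below
        }
        /^this is / { host = $3; next }
        $1 == "GNU_LIBC_VERSION" && $2 == "glibc" {
            if ($3 !~ /^[0-9]+(\.[0-9]+)*$/) { print host, $3, "unparsed"; next }
            print host, $3, (le($3, max) ? "at-or-below" : "above")
        }
    '
}

# Constructed sample: mg-1 and ce-1 mirror the output in the post,
# lab-1 is a made-up host added to show the "above" case.
sample_inventory() {
cat <<'EOF'
this is mg-1
GNU_LIBC_VERSION glibc 2.9
this is ce-1
GNU_LIBC_VERSION glibc 2.9
this is lab-1
GNU_LIBC_VERSION glibc 2.19
EOF
}

# Ceiling taken from the post ("glibc 2.18 or prior").
sample_inventory | triage_glibc 2.18
```

A version number is only a first-pass triage, because distributions backport fixes without changing the upstream glibc version; confirm each flagged host against the vendor's package advisory.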