1

Topic: Linux vulnerability CVE-2015-0235 (GHOST)


All Linux versions


2

Re: Linux vulnerability CVE-2015-0235 (GHOST)

http://cve.mitre.org/cgi-bin/cvename.cg … -2015-0235
https://community.qualys.com/blogs/laws … nerability

Does updating to the new glibc break anything on iRedMail?

3

Re: Linux vulnerability CVE-2015-0235 (GHOST)

support-vom.com wrote:

http://cve.mitre.org/cgi-bin/cvename.cg … -2015-0235
https://community.qualys.com/blogs/laws … nerability

Does updating to the new glibc break anything on iRedMail?

I'm on

ldd (Ubuntu EGLIBC 2.19-0ubuntu6.5) 2.19

which isn't 2.2 and isn't before 2.18, i.e. isn't affected by GHOST [Ubuntu 14.04.1 LTS isn't affected, seemingly]
So I doubt it'll break any of the components of iRedMail.

4

Re: Linux vulnerability CVE-2015-0235 (GHOST)

7t3chguy wrote:
support-vom.com wrote:

http://cve.mitre.org/cgi-bin/cvename.cg … -2015-0235
https://community.qualys.com/blogs/laws … nerability

Does updating to the new glibc break anything on iRedMail?

I'm on

ldd (Ubuntu EGLIBC 2.19-0ubuntu6.5) 2.19

which isn't 2.2 and isn't before 2.18, i.e. isn't affected by GHOST [Ubuntu 14.04.1 LTS isn't affected, seemingly]
So I doubt it'll break any of the components of iRedMail.


Great!

5

Re: Linux vulnerability CVE-2015-0235 (GHOST)

glibc is the base component on all Linux distributions; upgrading it (a server reboot is required) won't break any components of iRedMail.
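
The reboot mentioned in this reply matters because running daemons keep the old libc mapped until they are restarted. As an added example (not part of the original post and not iRedMail code), this shell function lists processes that still map a glibc file replaced by the upgrade; the `proc_root` argument and the `--scan` switch are assumptions of the example.

```shell
#!/bin/sh
# Added example: find processes still running on a replaced glibc.
# After a package upgrade the old library file is unlinked, and the
# kernel marks its mapping in /proc/<pid>/maps with " (deleted)".

# stale_libc_pids [proc_root]
#   proc_root defaults to /proc; the parameter is an assumption of this
#   example so the function can be run against a constructed tree.
#   Prints one "PID NAME" line per process with a stale libc or ld.so.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    # Matches libc-2.19.so, libc.so.6, ld-2.19.so, ld-linux-x86-64.so.2,
    # but not unrelated libraries such as libcrypto.
    pattern='/(libc-[0-9][^/ ]*\.so|libc\.so\.[0-9]+|ld-[^/ ]*\.so[^/ ]*) \(deleted\)$'
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or that we may not inspect.
        [ -r "$maps" ] || continue
        if grep -Eq "$pattern" "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Run as root with --scan to inspect every process on the live system.
if [ "${1:-}" = "--scan" ]; then
    stale_libc_pids /proc
fi
```

An empty result after the upgrade and reboot means no process is still running on the old library.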

6

Re: Linux vulnerability CVE-2015-0235 (GHOST)

I was wondering about the same topic. I was checking for updates on Ubuntu and found the following:
Inst tzdata [2014i-0ubuntu0.14.04] (2015a-0ubuntu0.14.04 Ubuntu:14.04/trusty-updates [all])
Conf tzdata (2015a-0ubuntu0.14.04 Ubuntu:14.04/trusty-updates [all])
Inst libclamav6 [0.98.5+addedllvm-0ubuntu0.14.04.1] (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Inst clamav-daemon [0.98.5+addedllvm-0ubuntu0.14.04.1] (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [amd64]) []
Inst clamav-base [0.98.5+addedllvm-0ubuntu0.14.04.1] (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [all])
Inst clamav-freshclam [0.98.5+addedllvm-0ubuntu0.14.04.1] (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Inst clamav [0.98.5+addedllvm-0ubuntu0.14.04.1] (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Conf libclamav6 (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Conf clamav-base (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [all])
Conf clamav-freshclam (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Conf clamav-daemon (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Conf clamav (0.98.6+dfsg-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-updates [amd64])

Will that break ClamAV for iRedMail?

7

Re: Linux vulnerability CVE-2015-0235 (GHOST)

Usually, updating binary packages with 'rpm/yum/apt-get' won't break the iRedMail server.

The exception is Dovecot. The config file used by Dovecot-1.x is not supported by Dovecot-2, so if you're upgrading Dovecot from 1.x to 2.x, please be careful. But upgrading from 2.x to new versions (2.x) is OK.

8

Re: Linux vulnerability CVE-2015-0235 (GHOST)

ZhangHuangbin wrote:

Usually, updating binary packages with 'rpm/yum/apt-get' won't break the iRedMail server.

The exception is Dovecot. The config file used by Dovecot-1.x is not supported by Dovecot-2, so if you're upgrading Dovecot from 1.x to 2.x, please be careful. But upgrading from 2.x to new versions (2.x) is OK.

Thanks for your support