Critical
Canonical, Red Hat
Ubuntu 10.04, 12.04, CentOS 6.
A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application.
All versions of Cloud Foundry BOSH stemcells running Ubuntu Lucid and CentOS
All versions of Cloud Foundry Runtime through v196
The Cloud Foundry project recommends that Ubuntu Lucid BOSH Stemcells be upgraded to the Ubuntu Trusty Stemcells (currently version 2824).
The Cloud Foundry BOSH team will work on a patch release of the CentOS 6 Stemcell when patched CentOS packages are available. This notice will be updated when fixes are available.
The Cloud Foundry Runtime team is actively working on a patch release of the Ubuntu 10.04 root file system. Applications running on Cloud Foundry Runtime need to be restaged after upgrading.
All PWS (Pivotal Web Services) users should restage applications after the runtime upgrade as well.
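Restaging is required because a process started before the glibc upgrade keeps the old, now-deleted libc mapped and stays exposed until it is restarted. The following script is an added example (not Cloud Foundry's or the distributions' own tooling) that reports processes on a host still mapping a deleted libc; the sample `/proc/<pid>/maps` lines it self-checks against are constructed.

```shell
#!/bin/sh
# Added example: detect processes that still use a pre-upgrade (deleted) libc.
# The kernel marks a mapping whose backing file was unlinked with " (deleted)",
# which is exactly what happens to the old libc after the package is replaced.

# Return 0 if the given maps text (one /proc/<pid>/maps line per line)
# contains a mapping of a deleted libc shared object.
maps_uses_deleted_libc() {
    printf '%s\n' "$1" | grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$'
}

# Scan every live process on this host and print the PIDs that must be
# restarted (or, on Cloud Foundry, restaged) to pick up the patched glibc.
find_stale_libc_pids() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        content=$(cat "$maps" 2>/dev/null) || continue   # process may have exited
        if maps_uses_deleted_libc "$content"; then
            echo "$pid"
        fi
    done
}

# Constructed sample maps content (not captured from a real host).
SAMPLE_STALE='7f3c1a000000-7f3c1a1a4000 r-xp 00000000 08:01 131 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f3c1a3a8000-7f3c1a3ac000 rw-p 00000000 00:00 0'
SAMPLE_FRESH='7f3c1a000000-7f3c1a1a4000 r-xp 00000000 08:01 131 /lib/x86_64-linux-gnu/libc-2.19.so
7f3c1a3a8000-7f3c1a3ac000 rw-p 00000000 00:00 0'

# Run the live scan only when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--scan" ]; then
    find_stale_libc_pids
fi
```

Run as `sh check_stale_libc.sh --scan` (as root, so that every process's maps file is readable); an empty result means no process still maps a removed libc.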
Qualys and Alexander Peslyak of the Openwall Project
* [This advisory](http://www.openwall.com/lists/oss-security/2015/01/27/9)