Yesterday, Qualys released details of a serious security vulnerability in the glibc libraries used in Linux. Today, we have released a fix and strongly recommended all FCO customers apply it to their platforms.
The official article and details from Qualys can be found here:
Instructions for how to test and fix this is provided below. We have tried to make it as simple as possible for you. There are two options for fixing this:
1) Upgrade to FCO 4.2.6 by following the instructions here http://docs.flexiant.com/display/DOCS/Upgrading+the+system+between+minor+releases (Note: You must still reboot after upgrading using this method.)
2) If you don't wish to upgrade your FCO version, you can apply the fix to your current version by following the instructions below.
** This fix should be applied to all FCO Manager and FCO Cluster Control Manager servers on your platform. ***
Open an SSH session to the server(s) as the 'root' user, and execute the following command - copy/paste is best.
curl -o /tmp/ghost.sh http://repo.flexiant.com/images/public/tools/ghost.sh && bash /tmp/ghost.sh
You will be warned if your server is vulnerable it will be automatically rebooted. This means your Control Panel will be unavailable for the duration of the reboot (usually no more than 5 minutes).
Choose option '1' if you agree and wish to continue.
If your system is not vulnerable, a message will inform you of this and your system will not reboot. Please inform us of any errors or problems you encounter. We can also apply the fix on your behalf - please raise a support ticket with a suitable date and time for this to be carried out.