GHOST Vulnerability CVE-2015-0235

Overview

This document addresses the impact on Aspera products of the gethostbyname vulnerabilities in glibc on some Linux distributions. The Aspera products are using this feature when attempting to make HTTP connections to remote servers by hostname. Situations where this can happen are for server side document roots hosted on Linux cloud storage, HTTP fallback clients, forward proxy clients and server side external file validation.

 

References:

https://access.redhat.com/articles/1332213

http://www.openwall.com/lists/oss-security/2015/01/27/9

http://www.cyberciti.biz/faq/cve-2015-0235-patch-ghost-on-debian-ubuntu-fedora-centos-rhel-linux/

 

Affected Products

 

Aspera Point to Point
Aspera Enterprise Server

Aspera Connect Server

Aspera Proxy

Aspera OnDemand for Amazon
Aspera OnDemand for Softlayer
Aspera OnDemand for Google Cloud

 

Running on Linux OSes


CLOUD SERVICE DOCUMENT ROOTS

HTTP FALLBACK CLIENTS

EXTERNAL FILE VALIDATION

FORWARD PROXY CLIENTS

FEATURES AFFECTED ON LINUX SYSTEMS

ACTION REQUIRED URGENTLY FOR LINUX

  1. Update to latest security patch for your Linux server

 

Aspera Point to Point
Aspera Enterprise Server

Aspera Connect Server

 

Running on Windows, Mac, Solaris, FreeBSD OSes

NOT AFFECTED

Aspera Console


Running on Linux OSes


CONNECT NODE TO CONSOLE

FEATURE AFFECTED ON LINUX SYSTEMS

ACTION REQUIRED URGENTLY FOR LINUX

  1. Update to latest security patch for your inux server

Aspera Console

 

Running on Windows OSes

NOT AFFECTED

Aspera OnDemand for Azure NOT AFFECTED

Aspera Faspex
Aspera Shares
Aspera Orchestrator

 NOT AFFECTED

Aspera Client
Aspera Cargo

 

Running on Linux OSes

HTTP FALLBACK CLIENTS

FORWARD PROXY CLIENTS

FEATURES AFFECTED ON LINUX SYSTEMS

ACTION REQUIRED URGENTLY FOR LINUX

  1. Update to latest security patch for your Linux server

Aspera Client
Aspera Cargo

 

Running on Windows and Mac OSes

NOT AFFECTED
Aspera Outlook Plugin
Aspera Drive
Aspera Mobile
NOT AFFECTED

Aspera Async

 

Running on Linux OSes

HTTP FALLBACK CLIENTS

FORWARD PROXY CLIENTS

FEATURES AFFECTED ON LINUX SYSTEMS

 

ACTION REQUIRED URGENTLY FOR LINUX

  1. Update to latest security patch for your Linux server

Aspera Async

Running on Windows and Mac OSes

 NOT AFFECTED
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk