There’s a quite serious security vulnerability making the news today (ZDNet, Ars Technica), CVE-2015-0235, nicknamed “GHOST”. It happens that this flaw was fixed in glibc-2.18 (but quietly, and the full implications don’t seem to have been widely noticed). That means that Fedora 20 and Fedora 21 are not vulnerable to this problem, because they shipped with newer versions than that — but note that Fedora 19 and before are. If you are running an old release, and haven’t yet gotten around to updating, this is an excellent time to do so.
(If you’re running one of our downstream distributions, or are just curious, see Red Hat’s security advisory for CVE-2015-0235 for RHEL.)
Doug
I’m wondering where updates are for fedora 19 concerning this exploit. I’ve patched, and stay updated, but there is little information about whether this version is still vulnerable. Fedora 19 is still supported correct? There should be updated packages, but the tests I try say the system is vulnerable and there are no patches. Should Fedora 19 not be considered supported?
Matthew Miller
Fedora 19 is no longer supported. See the announcement here. Fortunately, upgrading should be relatively painless.