GHOST - security vulnerability

Wednesday 28th January 2015

Yesterday a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc) was identified by researchers at cloud security company Qualys. This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.

Following analysis today by our Linux team we need to apply patches to all Linux servers to remove this vulnerability. Unfortunately as this patches glibc, the GNU C library, it requires a system restart to implement as the files are in use by numerous processes running on the systems. The patching process is likely to cause a service outage of up to five minutes while the system is restarted, meaning your site/service will be unavailable during this time.

The patching process will take place today, 28 January 2015, between 2-5pm. We apologise for the short notice, but feel urgent action is required considering the severity of the threat.