Article ID: 124313, created on Jan 28, 2015, last review on Jun 17, 2016

Applies to:

  • Plesk for Linux/Unix


During a code audit performed internally at Qualys, a heap-based buffer overflow was found in glibc's "__nss_hostname_digits_dots()" function, which is used by the gethostbyname() and gethostbyname2() glibc function calls.


There is a remote code execution risk due to this vulnerability. An attacker who exploits this issue can gain complete control of the compromised system.

More information about CVE-2015-0235 can be found on the Qualys Blog and on the Openwall website.

Call to Action

  1. To close the vulnerability, install the latest available version of glibc from the OS vendor repository:

    For RedHat based OSes:

    # yum update glibc

    For Debian/Ubuntu based OSes:

    # apt-get install --only-upgrade libc6

    For SUSE:

    # yast2 --update glibc
  2. After that, restart all services:

    # service psa stopall
    # service psa startall
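
Added example (not part of the original article): a process started before the update keeps the old glibc mapped until it is restarted, which is why step 2 is needed. The script below lists such processes by looking for a libc or ld.so mapping marked "(deleted)" in /proc/<pid>/maps; the function name and the optional directory argument are assumptions made for this example, and the check assumes the package manager unlinked the old library file during the update.

```shell
#!/bin/sh
# Added example: find processes that still map a replaced glibc.
# stale_glibc_procs and its directory argument are hypothetical names
# chosen for this example; they are not part of Plesk or glibc.

# Print "PID NAME" for each process whose memory map still references
# a libc or dynamic-loader file that has been removed from disk.
stale_glibc_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip entries that vanished or are unreadable.
        [ -r "$maps" ] || continue
        # When a mapped file is unlinked, the kernel appends "(deleted)"
        # to its path in maps until the process exits or re-executes.
        # Matches e.g. libc-2.12.so, libc.so.6, ld-2.12.so, ld-linux-x86-64.so.2
        if grep -Eq '/(libc|ld)([-.][^ /]*)?\.so[^ /]* \(deleted\)$' \
            "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Scan the live system by default, or a directory given as the first argument.
stale_glibc_procs "${1:-/proc}"
```

Run it as root after step 1 and again after step 2. Any process still listed after step 2 was not restarted by the psa commands and needs its own restart.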

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

We also strongly encourage you to stay connected to Parallels for important product-related information via these methods:
