During a code audit performed internally at Qualys, a heap-based buffer overflow was found in glibc's "__nss_hostname_digits_dots()" function, which is used by the gethostbyname() and gethostbyname2() glibc function calls.
There is a remote code execution risk due to this vulnerability. An attacker who exploits this issue can gain complete control of the compromised system.
Call to Action
To close the vulnerability, install the latest available version of glibc from the OS vendor repository:
For RedHat based OSes:
# yum update glibc
For Debian/Ubuntu based OSes:
# apt-get install --only-upgrade libc6
For SUSE based OSes:
# yast2 --update glibc
After that restart all services:
# service psa stopall
# service psa startall
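To confirm that the restart picked up the patched library, the added example below (not part of the original advisory) lists processes whose /proc/<pid>/maps still shows a glibc mapping marked "(deleted)", which is how Linux reports a library file that was replaced on disk while a process keeps the old copy loaded. The function names and the stale_libc.sh file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find processes still running on the pre-update glibc.
# A package upgrade replaces the libc file on disk; a process started
# before the upgrade keeps the old file mapped, and the kernel shows
# that mapping in /proc/<pid>/maps with a " (deleted)" suffix.

# maps_has_stale_libc FILE
# Exit status 0 if FILE (a /proc/<pid>/maps file) contains a libc mapping
# marked deleted. Matches libc-2.12.so, libc.so.6 and names with a
# package-manager temporary suffix, but not libcrypt, libcap and so on.
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_libc_pids [PROC_ROOT]
# Print "<pid> <command name>" for every process under PROC_ROOT
# (default /proc) that still maps a deleted libc.
stale_libc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip the unexpanded glob and processes that exited meanwhile.
        [ -r "$maps" ] || continue
        if maps_has_stale_libc "$maps"; then
            pid=${maps%/maps}
            pid=${pid##*/}
            name=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Invocation (hypothetical file name): sh stale_libc.sh scan
# Run as root so that the maps files of all users' processes are readable.
if [ "${1:-}" = "scan" ]; then
    stale_libc_pids /proc
fi
```

Empty output after the services have been restarted means no running process is still using the old library; any process listed needs its own restart, or the host needs a reboot.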
Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.
We also strongly encourage you to stay connected to Parallels for important product-related information via these methods: