To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

GHOST vulnerability status update

Costas-Inter
Costas-Inter Posts: 35 Security Scout

Hello

 

Is there any progress regarding recent GHOST vulnerability regarding F-Secure products?

Are FSMSG and SRS affected and which versions?

 

And regarding Linux based products, is it safe to patch the Linux systems with glibc 2.18?

 

Any information available for informing our customers much appreciated

 

Thank you

Costas

Comments

  • gancal
    gancal Posts: 8 Digital Defender

    Hello Costas,

     

    My name is Calvin and I'm the primary contact for security vulnerabilities concerning F-Secure's products and services.

     

    With regards to your inquiry, allow me to respond to you.

    1. All supported version of F-Secure Messaging Security Gateway products are affected and we are currently working on releasing a patch which should be made available later today.
    2. F-Secure Scanning Reputation Server Virtual Appliance (SRS VA) is also affected by this vulnerability and we are currently working on releasing an update.
    3. Linux based products (IGK and Linux Security) are not affected, however we strongly advise users to update glibc from the operating system update channel when made available. There are no known compatibility issue with update glibc to the latest version.
    4. We are in the midst of planning an advisory release and will keep everyone updated as soon as it is released.

    If you have additional questions or concerns, please do not hesitate to reply and I will gladly assist you further.

     

    Best Regards,

    Calvin Gan

    F-Secure Security Vulnerability Expert

  • Costas-Inter
    Costas-Inter Posts: 35 Security Scout

    OK

    The security advisory on GHOST is out, but need some clarifications:

     

    https://www.f-secure.com/en/web/labs_global/fsc-2015-1

     

    It states as affected version:

    F-SECURE INTERNET GATEKEEPER VIRTUAL APPLIANCE (IGK VA) 5.20

    But then as action:Verify that the latest version of IGK VA is installed.

    But the latest version available is 5.20. So is 5.20 vulnerable or not? Do we expect a 5.21 for patch?

     

    The same clarification needed for SRS.

     

    Someone from F-secure please?

     

     

This discussion has been closed.

Categories