GHOST vulnerability status update

Hello
Is there any progress regarding recent GHOST vulnerability regarding F-Secure products?
Are FSMSG and SRS affected and which versions?
And regarding Linux based products, is it safe to patch the Linux systems with glibc 2.18?
Any information available for informing our customers much appreciated
Thank you
Costas
Best Answer
-
gancal Posts: 23
Hello Costas,
Our apologies for the confusion caused from the security advisory. We will update the advisory with a more conscise information to avoid further confusion. In the meantime, here is the updated instructions for both IGK VA 5.20 and SRS VA 11.00.
- Download and re-install the latest version of the appliance.
- Verify the latest appliance version by opening the management console and checking the full version shown in the login screen:
- IGK VA: 5.20.646.13
- SRS ESXi: 11.00.556.166
- SRS Hyper-V: 11.00.556.24
- SRS XenServer: 11.00.556.76
Once again our sincerest apologies for the inconveniences caused. Please do inform me if you need further clarification. Have a good day!
Regards,
Calvin Gan
F-Secure Security Vulnerability Expert
5 Like
Comments
Hello Costas,
My name is Calvin and I'm the primary contact for security vulnerabilities concerning F-Secure's products and services.
With regards to your inquiry, allow me to respond to you.
If you have additional questions or concerns, please do not hesitate to reply and I will gladly assist you further.
Best Regards,
Calvin Gan
F-Secure Security Vulnerability Expert
OK
The security advisory on GHOST is out, but need some clarifications:
https://www.f-secure.com/en/web/labs_global/fsc-2015-1
It states as affected version:
F-SECURE INTERNET GATEKEEPER VIRTUAL APPLIANCE (IGK VA) 5.20
But then as action:Verify that the latest version of IGK VA is installed.
But the latest version available is 5.20. So is 5.20 vulnerable or not? Do we expect a 5.21 for patch?
The same clarification needed for SRS.
Someone from F-secure please?