A potentially serious security vulnerability (CVE-2015-0235) affecting most Linux distributions was disclosed on Tuesday, 01/27/2015. This vulnerability has been named "GHOST". This is due to the method by which a system can be exploited.
Nearly every installed Linux-based system is vulnerable. While this is true, the real-world application is still being determined. According to Qualys, who is credited with discovering the vulnerability, it is possible to receive access to a remote shell using this bug.
Cloud File Server
A fix for this vulnerability was made available for the Linux distributions on Tuesday evening. The Egnyte Security team along with the Operations team executed an emergency change management procedure to deploy this fix. Unfortunately, this patch required a reboot of our servers. Some customers may have experienced intermittent access during this time period. All update process was completed by 01/28/15, 6:00AM Pacific.
Storage Sync & Storage Connect
VM Deployments: There is no known way to exploit this vulnerability on Storage Sync and Storage Connect on VM deployments. However to be cautious, we will update our VM's with the security patch and issue a software release at the earliest.
Native Deployments (Storage Sync on NETGEAR & Synology): We are anticipating firmware upgrades from NETGEAR and Synology and are working with these hardware vendors to coordinate our product release.
If you have any questions, please submit a request.
Further reading can be found here:
- Kris Lahiri
Chief Security Officer, Egnyte Inc.