Is compat-glibc affected by GHOST, the glibc vulnerability (CVE-2015-0235)?

Solution Unverified - Updated

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4

Issue

  • Is compat-glibc affected by GHOST, glibc vulnerability (CVE-2015-0235)?
  • Does Red Hat provide a fix for CVE-2015-0235 in compat-glibc?

Resolution

  • No update is required for compat-glibc, as it only provides interfaces for dynamically linked applications.
  • Statically linked applications must be recompiled on the respective Red Hat Enterprise Linux release that has the fix for CVE-2015-0235. See the following KB article for information on how to update glibc: GHOST: glibc vulnerability (CVE-2015-0235).

Root Cause

  • The dynamic libraries provided by the compat-glibc package are not vulnerable because they do not provide runtime code. As long as the underlying glibc package is updated, dynamically linked applications built with compat-glibc execute the updated, fixed code.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.