GHOST Vulnerability
There is a new high-profile security incident in the news. Identity Automation takes security very seriously and we wanted to update our customers as to the status of our research into the vulnerability in order to minimize risk to your Identity Automation Software Appliances.
In January 2015, the GHOST vulnerability was announced. Details can be found in various vulnerability databases on the internet. One such CVE report can be found here:
https://access.redhat.com/security/cve/CVE-2015-0235
While we're not currently aware of any of our services which are directly exploitable because of the wide usage of the vulnerable glibc library in many of the underlying Linux processes, we understand if customers' security teams desire to have the appropriate patch applied.
If you would like to have our support team update the glibc libraries on your appliances, or discuss this vulnerability, please contact us at support@idauto.net.