Solved: Ghost Vulnerability patching confusion

Tim Hamblin · ‎03-20-2015

Hi all,

We are currently running ACS v5.4 and were looking to go to patch 7 initially to combat shellshock.

Then GHOST came along so we waited for Cisco's advisory on the best version to go to.

This has now come out and the advisory is less than helpful!!! - https://tools.cisco.com/bugsearch/bug/CSCus68826

On one habd it seems to say 5.4 is good and on the other that all versions are vulnerable!

Can anybody clarify what patch/version we need to negate the vulnerability please :)

Document is too confusing!!!

Tim

Kanwaljeet Singh · ‎03-22-2015

Hi Tim,

I have double checked and all 5.x versions are affected. The fixes are not available for 5.4 or 5.3 but 5.5 and 5.6. Kindly upgrade to get the fixes.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

mohanak · ‎03-23-2015

Install the latest patches 5.5 Patch 8 and 5.6 patch 3.

Kanwaljeet Singh · ‎03-22-2015