deghost ridding the world of the ghost vulnerability one host at a time


deghostAs part of our mission to wipe the ‘ghost’ vulnerability (CVE-2015-0235) from our customers servers we have created ‘deghost’.

Deghost is a cross-distro script to determine the vulnerability of a libc library on a server and then patch that where possible.

https://github.com/pbkwee/distrorejuve

In most cases this is as simple as apt-get install libc6 or yum upgrade glibc.  But like most things there are a lot of corner cases.  This script tackles things like switch from squeeze to squeeze-lts repositories.  Changing to old-releases repositories for unsupported ubuntu distros.  And offers a (non-default) option to –break-eggs and do a dist-upgrade to the latest Debian/Ubuntu release.