The Apache CloudStack Blog Open Source Cloud Computing

CloudStack and the "Ghost" glibc vulnerability

by jlk

Posted on Wednesday January 28, 2015 at 07:06PM in News

UPDATE: mitigation instructions have been improved (don't update openswan) and we forgot to mention rebooting.
UPDATE: Links to updated System VM templates are now below

Yesterday, a buffer overflow vulnerability was announced in glibc that affects most current Linux distributions. In CloudStack, the system VMs contain a vulnerable version of glibc.

CloudStack community members have built an updated system VM template, which ShapeBlue is hosting at (More information on the packages at

For instructions on how to update the SystemVM template in CloudStack, see here.

For those who wish to patch their running system VMs, ssh into each one and run:

apt-mark hold openswan
apt-get clean
apt-get update && apt-get upgrade
After updating glibc, the system will need to be rebooted.

Information about how to connect to your System VMs is available here.

Other CloudStack-related systems may be affected!

Please review security updates from Linux distributions you use on your management server, storage systems, hypervisors, as well as other Linux VMs and bare-metal systems running in your environments. This post provides instructions for determining if a system is vulnerable, as well as patching directions for common Linux distributions.


NOTE: There is correction in the above: 1. Mark openswan to not upgrade, or else VPN related functionality may break: apt-mark hold openswan 2. Clean old cache (not clean can cause disk space issues): apt-get clean 3. Now upgrade: apt-get update && apt-get upgrade 4. Restart the VM (if that is not the options, restart remote services such as SSH, DNS, DHCP, VPN etc). Updated systemvm templates are available for download from here: More information on packages here:

Posted by Rohit Yadav on January 28, 2015 at 08:03 PM UTC #

Thank you for this important vulnerability notification.

Posted by on February 03, 2015 at 12:22 AM UTC #

See how far we go now

Posted by on July 03, 2017 at 04:03 AM UTC #

Comments are closed for this entry.