Guard against “GHOST” vulnerability

A new vulnerability in the Linux GNU C Library (glibc), identified in advisory CVE-2015-0235 and known as GHOST, exposes a buffer overflow weakness which allows unauthorized users to execute arbitrary codes via the gethostbyname( ) and gethosbyname2( ) functions on Linux systems, resulting in potential data theft or system intrusion.

Zyxel is well aware of the vulnerability and assures customers that only a limited number of products embedded with the affected glibc are affected, as listed in the table below. However, Zyxel also assures all customers behind these products will be protected by up-to-date IDP signature support. The vulnerability has been proven less likely to be exploited in real-life scenarios.

A firmware plan for the affected models is scheduled for release in the first week of March. Zyxel recommends that all customers upgrade device firmware to the latest available version for optimal network protection. This advisory will be updated when additional information becomes available. Please contact your local sales or service representatives if you require further information.

Products applied

Product	Firmware Update Schedule
USG Series	1^st week of March, 2015
ZyWALL Series	1^st week of March, 2015

The company

News

Customer stories

Sustainability

Events

Awards

The Minimal Series

Zyxel Communications achieves Wi-Fi Alliance’s Wi-Fi 7 certification

NR5307

Security advisories

Multimedia

Partner portal

GPL-OSS software notice

Sustainability

Popular searches

Guard against “GHOST” vulnerability

Products applied