How to tell if Debian install is vulnerable to the GHOST exploitPosted in Linux/Unix/BSD -
The CVE-2015-0235 "GHOST" exploit exposes a buffer overflow in glibc gethostbyname. This post shows how you can tell if your Debian Squeeze or Lenny install is affected and how to patch it.
The CVE-2015-0235 exploit
Track the exploit and updates to Debian here at the Debian security tracker.
Squeeze / Debian 6 & Wheezy / Debian 7 are affected until updates are applied. There are security updates in place already, so you just need to update/upgrade your distro.
When eglibc is at version 2.11.3-4+deb6u4 or higher on Squeeze or 2.11.13-38+deb7u7 or higher on Wheezy, then you are OK and the exploit is patched. Note that you are looking for the "deb6u4" and "deb7u7" part. So the next version for Squeeze would be deb6u5, deb6u6 and so on.
How can I tell if my server is affected?
Run this from the command line:
Look at the first line for the eglibc version; the following example is from an unpatched Debian Squeeze server:
ldd (Debian EGLIBC 2.11.3-4+deb6u1) 2.11.3 Copyright (C) 2009 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper.
Note that the version is 2.11.3-4+deb6u1, so it's affected.
How to update
Of course you'll regularly update your Debian servers so know how to do this already ;)
apt-get update apt-get upgrade
You'll need to reboot your server after doing the updates, because of the reliance various services and applications have on glibc / eglibc.
What about Debian Lenny?
There do not appear to be any plans to patch Lenny, so you're out of luck for an easy update. There's some instructions here at serverfault about how to do a source patch to do it yourself.