security

Popular media outlets are reporting a new vulnerability that was recently discovered in "glibc" which is a key component in most modern Linux systems. For background, you can read the details of the original discovery and the summary information on the risk rating for this vulnerability.

The CenturyLink Cloud® platform is largely unaffected by this issue. We have patched our DNS servers and the default DNS servers used by customer virtual machines on our platform. Customers running their own DNS servers on Linux-based virtual machines or customers not using the default CenturyLink Cloud DNS servers should apply the released patches to these servers as soon as possible.

For customers using the CenturyLink Cloud® Intrusion Prevention Service (IPS) your hosts already have detection enabled for any attempts to exploit this vulnerability. This particular signature is set to "detect only" rather than "block" in order to prevent unintended impact to production services. The IPS system will send you an alert using the configured mechanisms if there are any attempts at an exploit. We recommend you update the operating system on your servers according to your standard maintenance cycle. You can learn more by reading our IPS Anywhere post.

For CenturyLink Cloud® customers using VMs with a managed operating system, please submit a request to have the patches applied to your virtual machines by contacting the CenturyLink Client Service Center at 1-888-638-6771 and choose menu option 2 or email [email protected] to submit your request for a maintenance activity.

For reference, here are links to various operating system sites with details on the patches: