Public Notice

Download Notice

CVE-2015-0235 - aka GHOST

27 January 2015

Status

TIBCO Software Inc. has been made aware of this vulnerability. LBNs are in the process of being published as needed;  see below.

Product(s) Affected

TIBCO Software Inc. has determined that the following products are affected:

  • TIBCO Enterprise Message Service™ (EMS) - all versions on Linux
  • TIBCO Rendezvous® (RV) - all versions on Linux
  • TIBCO FTL® (FTL) - all versions on Linux
  • TIBCO ActiveSpaces® - all versions on Linux
  • TIBCO iProcess™ - all versions on Linux
  • TIBCO LogLogic® Log Management Intelligence  (all versions) on Linux
  • TIBCO LogLogic® Enterprise Virtual Appliance (all versions) on Linux
  • TIBCO LogLogic® Security Event Manager (all versions) on Linux
  • TIBCO LogLogic® Security Event Manager Enterprise Virtual Appliance (all versions) on Linux

Notes

Please check for Late Breaking News on TIBCO Support Central.

TIBCO Software Inc. products DO NOT statically link the glibc library, so the recourse for remediation is to upgrade the OS with the new dynamic libraries using the "package manager" for your distribution; this is the responsibility of the Licensee, not TIBCO Software Inc.

LogLogic will be providing a Hot Fix for updating the 'glibc' package.  Please check for LBNs on availability.

Corporate and Services:  all public-facing systems have been reviewed and patched as necessary.