Trend Micro is aware of the soon to be officially announced Linux “GHOST” remote code execution vulnerability (CVE-2015-0235). This vulnerability affects Linux GNU C Library (glibc) versions prior to version 2.18.
Trend Micro is investigating if any of its products and services may be affected and/or are vulnerable. Below is the reviewed VRTS data as of February 3, 2015. This list will continually be updated as the investigation on additional products are completed, as well as information for any patches or solutions required if necessary.
Products that are not affected:
| Products | Version |
|---|---|
| Core Protection Module for Mac | All versions |
| Deep Security | All versions |
| InterScan for Unix | All versions |
| InterScan Messaging Security Suite | All versions |
| InterScan VirusWall | 6.02 |
| ScanMail for IBM Domino | 5.6 |
| ScanMail for Lotus Domino | 3.0, 5.0, 5.5 |
| ServerProtect for Linux | All versions |
| Titanium | All versions |
| Titanium for Mac | All versions |
| Trend Micro Full Disk Encryption | 5.0, 3.1.3 |
| Trend Micro Security for Mac | 2 |
| Products | Version | Fix Location |
|---|---|---|
| Deep Discovery Advisor | 3.0 SP1 | DDA 3.0 SP1 Critical Patch 3093 |
| Deep Discovery Analyzer | 5.0 | DDAN 5.0 Critical Patch 1076 |
| InterScan Messaging Virtual Appliance | 8.0, 8.2, 8.5, 9.0 | IMSVA 8.0 Critical Patch 15020 IMSVA 8.2 Critical Patch 17670 IMSVA 8.5 Critical Patch 16290 IMSVA 9.0 Critical Patch 15140 |
| Trend Micro Smart Protection Server | 2.5, 2.6, 3.0 | TMSPS 2.5 Critical Patch 2197 TMSPS 2.6 Critical Patch 2092 TMSPS 3.0 Critical Patch 1212 |
Customers and partners who may need some additional information or have questions are encouraged to contact their authorized Trend Micro Technical Support representatives for assistance.
References:
