-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2015-002
CVE: CVE-2015-0235
Publication Date: 2015-Feb-05
Status: Not vulnerable
Revision: 1



Title
=====
Buffer Overflow in glibc, aka "GHOST"
 

Overview
========

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 
and other 2.x versions before 2.18, allows context-dependent attackers to execute 
arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 
function, aka "GHOST."


Affected Aruba Products
=======================

 None


Details
=======

See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235 for further
details on the vulnerablity itself.

Multiple Aruba products are built on top of Linux and other open-source products.
A vulnerable version of the 'glibc' C library is present in these products.

However, the GHOST vulnerability requires a specific set of conditions to be
present before the vulnerablity can be exploited.  Aruba has analyzed usage
of the vulnerable function within all Aruba products and has determined that
the vulnerability is not exploitable through any standard interfaces.


Resolution
==========

Aruba will patch the C library in all products during the normal course of
product maintenance.  In general, the next available maintenance release
after the publication of the advisory will contain the fix.  This is being
done as a precaution, to ensure that any new features developed in the future
do not become vulnerable through GHOST.

AirWave customers may manually apply a fix by logging into a root shell and
issuing the command:
  yum update glibc


Obtaining Fixed Software
========================

Aruba customers can obtain software updates on the support website:
	http://support.arubanetworks.com


Aruba Support contacts are as follows:

	+1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
	
	+1-408-754-1200 (toll call from anywhere in the world)

	The full contact list is at:
	http://www.arubanetworks.com/support-services/support-program/contact-support/

	e-mail: support(at)arubanetworks.com

Please do not contact "sirt(at)arubanetworks.com" for software upgrades.


Revision History
================

      Revision 1.0 / 2015-Feb-05 / Initial release


Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks
products, obtaining assistance with security incidents is available at:

http://www.arubanetworks.com/support-services/security-bulletins/
   
  
For reporting *NEW* Aruba Networks security issues, email can be sent to
sirt(at)arubanetworks.com. For sensitive information we encourage the use of 
PGP encryption. Our public keys can be found at:

http://www.arubanetworks.com/support-services/security-bulletins/


(c) Copyright 2015 by Aruba Networks, Inc.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJU06ZFAAoJEJj+CcpFhYbZLkYH/15eCD7DIOLSGnFVTE4Xm/A5
nGTcKs0h35NUgcvpnilUrDvu4JLp927GSeeSYfVtYjRIQEQ6aHSas5Jlzh81A1/z
Y1UTmqPvtsxCo7W+H4EpJ+wBtx1urAoiW/7FKW64W9UCH790H66IGWFTpZ/FXdwN
CyosVcvJPAjMi5eicbEnqX9RyqDg8bp/9sjvVurOP2YswuZfMxs9x8wixlYQgyCW
aw8RCa07xlNj5ZMB5aOiCj4LM89Gm7DvTjr1Eta64sTbQCt4bTMp63VSQ75C2kjS
x3nzyFA1DZizN/zM/yRvB4TCrMzpqmFP8kBD9/CcqkI4C2twxX7MyrX87kgq7HQ=
=X9r6
-----END PGP SIGNATURE-----