Cloud security company Qualys announced Tuesday the issues prevalent in glibc since version 2.2 introduced in 2000-11-10 (the complete Qualys announcement may be viewed here). The vulnerability, CVE-2015-0235, has been dubbed “GHOST.”

As the announcement from Qualys indicates, it is believed that MySQL and by extension Percona Server are not affected by this issue.

Percona is in the process of conducting our own review into the issue related to the Percona Server source code – more information will be released as soon as it is available.

In the interim the current advisory is to update your glibc packages for your distributions if they are in fact vulnerable. The C code from the Qualys announcement may aid in your diagnostics, section 4 of …

Qualys announced they had found an exploit in one of the Linux core libraries – glibc – using a buffer overflow technique in gethostbyname(). They have developed a proof-of-concept in which simply sending a specially created e-mail to a mail server enabled them to create a remote shell to the Linux machine. According to Qualys, “This bypasses all existing protections (like ASLR, PIE and NX) on both 32-bit and 64-bit systems.”. How does it affect MySQL servers? Read on!

The vulnerable library call provides DNS name resolution and although it’s been obsoleted in favour of other calls, it is still widely used by both legacy and modern applications.

Having a quick search, MySQL does not seem to rely on gethostbyname() almost at all. A few uses can be found in MySQL Cluster code (NDB), …