Article ID: 124314, created on Jan 28, 2015, last review on Jan 28, 2015

  • Applies to:
  • Plesk Automation


During a code audit performed internally at Qualys a heap-based buffer overflow was found in glibc's "__nss_hostname_digits_dots()" function, which is used by the gethostbyname() and gethostbyname2() glibc function calls.


There is a remote code execution risk due to this vulnerability. An attacker who exploits this issue can gain complete control of the compromised system.

More information about CVE-2015-0235 can be found in Qualys Blog and on Openwall website.

Call to Action

  1. To close the vulnerability, install the latest available version of glibc from the OS vendor repository on the Management Node and all the Linux service nodes:

    # yum update glibc
  2. Restart PPA services:

    # /etc/init.d/pem restart
    # /etc/init.d/pemui restart
    # /etc/init.d/psa restart
  3. Restart network services having external access (for example Apache, SSH, MySQL).

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

We also strongly encourage you to stay connected to Parallels for important product-related information via these methods:

Search Words


Security Advisory


e0aff7830fa22f92062ee4db78133079 caea8340e2d186a540518d08602aa065

Email subscription for changes to this article
Save as PDF