Issue

• Is Jenkins vulnerable to CVE-2015-0235?

Environment

Jenkins (Enterprise)

Resolution

Jenkins is not vulnerable to CVE-2015-0235. Jenkins uses the JVM and not the *glibc *library directly.

CVE-2015-0235 was logged as a security issue in 2010, and fixed in 2013. The security vulnerability was not announced publicly until 2015, so some older linux installations would need to upgrade. See http://www.openwall.com/lists/oss-security/2015/01/27/9 for more information.