Issue
- Is Jenkins vulnerable to CVE-2015-0235?
Environment
Jenkins (Enterprise)
Resolution
Jenkins is not vulnerable to CVE-2015-0235. Jenkins uses the JVM and not the *glibc *library directly.
CVE-2015-0235 was logged as a security issue in 2010, and fixed in 2013. The security vulnerability was not announced publicly until 2015, so some older linux installations would need to upgrade. See http://www.openwall.com/lists/oss-security/2015/01/27/9 for more information.
0 Comments