Sierra Wireless Firmware Release Addresses Vulnerability


Sierra Wireless have issued a special firmware release to address a vulnerability affecting devices which use the GNU C library (glibc).

The vulnerability, named CVE-2015-0235 or “Ghost”, may allow an attacker to execute unauthorised operations on devices running an affected version of the GNU C library.

Products containing the vulnerable code are the LS300, GX400, GX440, GX450, ES440 and ES450. While these devices contain the vulnerable code, they are unlikely to be exploited by an attacker. As a precaution, Sierra Wireless is releasing an updated version of ALEOS 4.4.0 and 4.4.0B that eliminates the vulnerable code. (The Raven, PinPoint and MP Series are all unaffected.)


Mitigation steps: what actions do I take?

Those using GX440, ES440, GX450 or ES450 products running ALEOS 4.4.0b build 4 (and earlier) software should upgrade to ALEOS 4.4.0b build 5, which is available now.

Those using GX400 or LS300 products running ALEOS 4.4.0 build 11 (and earlier) software should upgrade to ALEOS 4.4.0 build 12, which is available now.


For more information about CVE-2015-0235, follow this link.


Westbase customers should please contact their account managers for further help by emailing or calling +44 (0) 1291 437 567.