Blog Company Responding to Ghost
Published on: January 28, 2015
2 min read

Responding to Ghost

A response from GitLab to the announcem,ent of the glibc vulnerability 2015, this had liitle impacty on GitLab, but latest OS updates are recomended.

Blog fallback hero

Yesterday the Ghost vulnerability in glibc was announced. A bug in a networking function in the version of the C standard library found on many Linux systems can potentially lead to remote code execution. There is no indication at this time that this bug can be exploited against GitLab but it is nevertheless recommendable to install the latest updates from your OS vendor. In this post we will tell you how we did this at GitLab B.V.

1. Update your OS packages

The first step for us was to run apt-get upgrade and yum update on all our Linux machines.

2. Reboot your machine

Rebooting your server(s) is disruptive but with something as common as the C standard library, it is difficult to pinpoint the individual services that need to be restarted. If you reboot you are sure you caught them all; this is what we did with our Linux servers.

If you do decide to restart only selected services instead of the whole server, you can restart GitLab with sudo gitlab-ctl restart (for Omnibus packages) or sudo service gitlab restart (for installations from source).

Fast 'reboots' using HA

Rebooting one of our gitlab.com production servers can easily take 5 minutes. To reduce the downtime for our users we used our DRBD-based clustered setup. First we installed updated packages on our stand-by server, followed by a reboot. Then we did a failover from the active server to the stand-by in under a minute. This gives us the same end result as a server reboot, namely gitlab.com running on a freshly booted server, without having to wait for the reboot cycle of an individual server.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert