2015-01-30 UPDATE: All servers have now been patched.
A vulnerability was announced on January 27, 2015 that affects systems using the Linux operating system, or more specifically, using affected versions of the GNU C Library. The “GHOST” vulnerability, identified as CVE-2015-0235, affects most Linux systems.
It’s important to understand that there are currently no released exploits for this reported vulnerability. The current proof of concept only targets mail servers, which OneLogin does not deploy in our data centers. Additionally, the researchers that discovered the vulnerability believe that the primary software running on our external facing servers is not vulnerable to GHOST.
However, OneLogin takes every potential exposure seriously and we are currently in the process of patching all of our servers. We are closely monitoring this vulnerability for further developments.