- Security
Vulnerability Management: Working With the Community To Patch Security Threats
Jesse Kinser
• 7 min read
- What's new
GHOST Mitigated And Our Patching Methodology
Mailgun Team
• 5 min read
This was originally posted on January 29, 2015.
Mailgun has completed patching all of our infrastructure against the recently announced GHOST security vulnerability.
GHOST is a security vulnerability in the gethostbyname*() family of functions of GNU C Library (glibc). This particular vulnerability allows an attacker to potentially take over a server via either a local or remote exploit.
We have monitored our logs and have no reason to believe an attacker exploited our infrastructure, this was an entirely a preventive measure. No customer data was lost or affected.
We strongly recommend all customers review and patch their infrastructure accordingly as well.
Our patching methodology
To provide a little insight into our security posture here at Mailgun, I’d like to share the following information about how we deal with security vulnerabilities.
We try to minimize the effects on our customers. That means we typically do rolling updates to ensure that a part of Mailgun is always running. This takes longer, but it allows us to minimize downtime.
For security vulnerabilities that come with either a proof of concept (POC) and/or are remote exploits for services we run, we apply these patches immediately. We also check our logs to ensure that no one was able to successfully exploit the vulnerability before we were able to patch it.
For security vulnerabilities that do not come with a POC and/or are local exploits, we typically patch our infrastructure according to our patching schedule. We do this because it takes longer to go from bug to exploit than our patching period.
We are pretty diligent about applying security updates whenever they become available. While it may seem like a low payoff way to protect server infrastructure, it actually raises the bar for the attacker. Keeping your infrastructure patched makes automated tools ineffective and requires the attacker find a bug in either our server configuration or our application itself which raises the bar for the sophistication of the attacker significantly.
Last updated on May 04, 2021
- Related posts
- Recent posts
- Top posts
- What's new
Mailpets: For The Love Of Animals
Natalie Hays• 3 min read- Security
A Word of Caution For Laravel Developers
Nick Schafer• 4 min read- Security
Privacy Matters: Your Data Is Safe With Us
Darine Fayed• 5 min read- Security
TLS Version 1.0 and 1.1 Deprecation
Chris Farmer• 6 min read- What's new
The Mailgun Maverick Program Is Here!
Mailgun Team• 4 min read- Events
Force for Change: It's Time to Speak Out
Mailgun Team• 2 min read- Best Practices
Preparing Your Email Infrastructure Correctly
Kevin George• 8 min read- Best Practices
When Should You Use An Email API?
Mary Dolan• 5 min read- Best Practices
4 Tips To Improve Your Email Deliverability In 2021
Mary Dolan• 7 min read
- Best Practices
Happy Festivus: Email Deliverability Guide For The Holiday Season
Kate Nowrouzi• 6 min read- Email DIY
Dark Mode for Email Survey: What Do Email Senders Think?
Kasey Steinbrinck• 10 min read- Email DIY
Email Accessibility Mistakes that Annoy Subscribers & How To Fix Them
Beatriz Redondo Tejedor• 13 min read- Security
Vulnerability Management: Working With the Community To Patch Security Threats
Jesse Kinser• 7 min read- What's new
Celebramos el Mes de la Herencia Hispana
Thomas Knierien• 7 min read- What's new
Sinch to Acquire Mailgun, Creating a Best-Of-Breed Cloud Communications Platform
William Conway• 4 min read- Best Practices
Spam Filters & Deliverability: Staying on the Good Side of Mailbox Providers
Alexandre Zibrick• 9 min read- Best Practices
The Future of Email: BIMI & AMP
Kate Nowrouzi• 9 min read- Events
Meet Our Amazing Pathwire Mavericks!
Mary Dolan• 9 min read- What's new
Continuing our commitment: HTTPS innovation and optimization
Chris Farmer• 7 min read
- Email DIY
Dark Mode for Email Survey: What Do Email Senders Think?
Kasey Steinbrinck• 10 min read- Email DIY
Email Accessibility Mistakes that Annoy Subscribers & How To Fix Them
Beatriz Redondo Tejedor• 13 min read- Security
Vulnerability Management: Working With the Community To Patch Security Threats
Jesse Kinser• 7 min read- What's new
Sinch to Acquire Mailgun, Creating a Best-Of-Breed Cloud Communications Platform
William Conway• 4 min read- Best Practices
The Future of Email: BIMI & AMP
Kate Nowrouzi• 9 min read- Events
Meet Our Amazing Pathwire Mavericks!
Mary Dolan• 9 min read- What's new
Continuing our commitment: HTTPS innovation and optimization
Chris Farmer• 7 min read- What's new
Mailgun Validations Now Supports Alias and Long-term Disposable Address Identification
Peter Trinder• 3 min read- What's new
Women In Tech: Amy, Jessica, And Lola
Mailgun Team• 5 min read- Best Practices
Preparing Your Email Infrastructure Correctly
Kevin George• 8 min read
Always be in the know and grab free email resources!
No spam, ever. Only musings and writings from the Mailgun team.
By sending this form, I agree that Mailgun may contact me and process my data in accordance with its Privacy Policy.
sign up
It's easy to get started. And it's free.
See what you can accomplish with the world's best email delivery platform.