
The Google Security Team and Red Hat have found what is deemed a critical security issue (CVE-2015-7547). A vulnerability in glibc means a specially crafted DNS response can cause a buffer overflow, leading to a crash (libresolv) or execution of code with the permissions of the user running libresolv. This affects more apps than you'd expect - for example the reverse lookups done during ssh connections!

 

ADDM may be affected. Red Hat have made a patch available and we are currently testing this. Given we're so close to releasing the February OSU, we are going to pull that release forward rather than issue an emergency release with only the one update. I will update the blog post as soon as the OSU is ready.

 

More detailed information about the vulnerability:

Red Hat Article: https://access.redhat.com/articles/2161461

Google Article: https://googleonlinesecurity.blogspot.nl/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Mitre CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547

NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7547

 

 

* UPDATE (19th February 2016): An RHEL6 OSU with the updated glibc packages is now available.

* UPDATE (1st March 2016): Added Mitre and NVD links.
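
Installing the updated glibc packages does not protect processes that were already running, because they keep the old library mapped until they are restarted. The script below is an added example, not part of the original post or any vendor tooling. It assumes the vendor's RPM changelog names the CVE ID for the backported fix, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor tooling): post-patch checks for CVE-2015-7547.
CVE_ID="CVE-2015-7547"

# Succeeds if the RPM changelog text on stdin mentions the CVE. Assumption:
# the vendor records the backported fix by CVE ID in the package changelog.
changelog_has_fix() {
    grep -q -- "$CVE_ID"
}

# Succeeds if the /proc/<pid>/maps text on stdin shows a resolver-related
# glibc library whose on-disk file was replaced. The kernel tags such a
# mapping "(deleted)": the process is still executing the pre-update code.
maps_has_stale_glibc() {
    grep -E -q '/lib(c|resolv|nss_dns)[-.][^ ]* \(deleted\)$'
}

# Prints "<pid> <command>" for each process still mapping the old library.
stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_glibc < "$maps" 2>/dev/null; then
            pid=${maps#/proc/}
            pid=${pid%/maps}
            printf '%s %s\n' "$pid" "$(ps -o comm= -p "$pid" 2>/dev/null)"
        fi
    done
}

# Full report; needs rpm, and root to read every process's maps file.
report() {
    if rpm -q --changelog glibc | changelog_has_fix; then
        echo "glibc package changelog lists $CVE_ID"
    else
        echo "glibc package changelog does NOT list $CVE_ID"
    fi
    echo "Processes still using the old glibc (restart these):"
    stale_processes
}

# Run the report only when asked, e.g.: sh check_glibc.sh report
if [ "${1:-}" = "report" ]; then report; fi
```

Any process the report lists, sshd included, needs a restart (or the host a reboot) before it picks up the patched library.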