Daniel Nashed 17 February 2016 14:02:45
There is a critical issue in glibc, the C library that Linux and other systems use.
The best short description I found is the following:
"A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from the
nss_dns NSS service module. (CVE-2015-7547)"
Red Hat has already released patches:
There is also a patch from SUSE:
I have already updated my CentOS 6 Linux machines (via yum update).
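A follow-up check for after the update, as an added example that is not part of the original post: processes started before the update keep the old glibc mapped until they are restarted, and Linux marks such mappings "(deleted)" in /proc/<pid>/maps. The function names, the `--scan` switch and the list of library names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): find processes that still map a
# glibc component that has been replaced on disk by a package update.

# Print the stale glibc mappings in one maps file, one path per line.
# $1 = path to a maps file (normally /proc/<pid>/maps).
stale_glibc_maps() {
    # The kernel appends " (deleted)" to the pathname when the mapped file
    # was unlinked or replaced. Only libc, libresolv and libnss_dns are
    # matched, so e.g. libcrypto is not reported.
    awk '$NF == "(deleted)" &&
         $(NF-1) ~ "/(libc|libresolv|libnss_dns)[-.][^/]*$" { print $(NF-1) }' \
        "$1" 2>/dev/null | sort -u
}

# Print "pid<TAB>command<TAB>stale libraries" for every affected process.
# $1 = proc root (defaults to /proc; a test can pass a constructed tree).
scan_proc() {
    local root=${1:-/proc} dir libs name
    for dir in "$root"/[0-9]*; do
        libs=$(stale_glibc_maps "$dir/maps" | paste -sd, -)
        [ -n "$libs" ] || continue
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\n' "${dir##*/}" "$name" "$libs"
    done
}

# Run as root to see every process: ./check-stale-glibc.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_proc /proc
fi
```

Any process listed needs a restart (or the machine a reboot) before it uses the patched library.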
Another interesting link is from Heise with some details in German:
Thanks to my friend Harvey Pope for pointing me to this bug and sending me the Heise link!