Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed


Critical: glibc security and bug fix update

Daniel Nashed  17 February 2016 13:02:45

There is a critical issue with the glibc lib that Linux and other systems are using.

The best short description I found is the following:

"A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from the
nss_dns NSS service module. (CVE-2015-7547)"

Redhat already released patches:

And there is also a patch from SuSE

I have already updated my CentOS 6 Linux machines (via yum update).

Another interesting link is from Heise with some details in German:

Thanks to my friend Harvey Pope pointing me to this bug and sending me the Heise link!




    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]