Critical: glibc security and bug fix update
Daniel Nashed – 17 February 2016 13:02:45
There is a critical issue in glibc, the C library that Linux and other systems use.
The best short description I found is the following:
"A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from the
nss_dns NSS service module. (CVE-2015-7547)"
Red Hat has already released patches:
https://rhn.redhat.com/errata/RHSA-2016-0175.html
https://sourceware.org/bugzilla/show_bug.cgi?id=18665
And there is also a patch from SuSE:
https://www.suse.com/support/update/announcement/2016/suse-su-20160470-1.html
I have already updated my CentOS 6 Linux machines (via yum update).
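Installing the fixed package does not change processes that are already running: they keep the old library mapped until they are restarted. The check below is an added example, not part of the original post; it lists processes whose `/proc/<pid>/maps` still shows a deleted copy of libc, libresolv or libnss_dns, and the sample mappings and paths in it are constructed.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update glibc.
# Once the package is replaced, the old library file is unlinked and the kernel
# marks its mappings in /proc/<pid>/maps with a trailing " (deleted)".

# Constructed sample of /proc/<pid>/maps content (paths are illustrative).
sample_maps() {
cat <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 131 /bin/cat
7f1a2c000000-7f1a2c18a000 r-xp 00000000 fd:00 262 /lib64/libc-2.12.so (deleted)
7f1a2c400000-7f1a2c416000 r-xp 00000000 fd:00 263 /lib64/libresolv-2.12.so (deleted)
7f1a2c800000-7f1a2c805000 r-xp 00000000 fd:00 264 /lib64/libnss_dns-2.12.so (deleted)
7f1a2cc00000-7f1a2cc20000 r-xp 00000000 fd:00 265 /lib64/ld-2.12.so
7f1a2d000000-7f1a2d002000 r-xp 00000000 fd:00 266 /usr/lib64/libcrypt-2.12.so (deleted)
EOF
}

# Read maps text on stdin and print each stale glibc library once.
# Matches libc plus the two libraries named in the advisory text.
stale_glibc_libs() {
    awk '/\(deleted\)$/ {
        path = $6                      # 6th field of a maps line is the path
        n = split(path, parts, "/")
        if (parts[n] ~ /^lib(c|resolv|nss_dns)[-.]/) print path
    }' | sort -u
}

# Walk /proc and print "pid <TAB> name <TAB> stale libraries" per affected process.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(stale_glibc_libs 2>/dev/null < "$maps") || continue
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null || true)
        printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$(echo $libs)"
    done
}

# Live scan only on request: sh check.sh --scan (run as root to see every process).
if [ "${1:-}" = "--scan" ]; then
    scan_proc
fi
```

Any process the scan prints needs a restart (or the machine a reboot) before it actually uses the patched library.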
Another interesting link is from Heise with some details in German:
http://www.heise.de/newsticker/meldung/glibc-Dramatische-Sicherheitsluecke-in-Linux-Netzwerkfunktionen-3107621.html
Thanks to my friend Harvey Pope for pointing me to this bug and sending me the Heise link!
Daniel