SimplerCloud Pte Ltd


News: Security Advisory: GNU C Library vulnerability

Published: 18/02/2016

We would like to bring to your attention a new security vulnerability affecting the GNU C Library (glibc and eglibc packages) available on most Linux systems. It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution, allowing a remote attacker to use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.


This vulnerability has been assigned the identifier CVE-2015-7547.


Is My Linux System Affected?


Linux distributions and versions affected by the vulnerability include, but are not limited to, the following:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- CentOS 7
- CentOS 6
- Debian 8
- Debian 7


How Can I Fix This Vulnerability?


You may install the latest patches for your Linux operating systems, which will also install the latest version of GNU C Library to fix the problem.


On Ubuntu or Debian systems, run the command below to install the latest patches for your operating system:


===
apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
===


On CentOS systems, run the command below to install the latest patches for your operating system:


===
yum update -y
===


Please reboot your servelet once the new patches have been installed for the changes to take effect.
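
The reboot matters because processes started before the update keep the old library mapped in memory until they restart. The script below is an added example, not part of the original advisory: it lists such processes by reading /proc, and its function names, the PROC_ROOT parameter and the libc file-name pattern are assumptions.

```shell
#!/bin/sh
# Added example: find processes still running on the pre-update C library.
# After the package update the old libc file is unlinked, so any process that
# loaded it earlier shows the mapping as "(deleted)" in /proc/<pid>/maps.

# uses_stale_libc FILE
# Succeeds if FILE (in /proc/<pid>/maps format) contains a libc mapping marked
# "(deleted)". The file-name pattern (libc-2.19.so, libc.so.6, and names with
# a package-manager suffix) is an assumption about common layouts.
uses_stale_libc() {
    grep -Eqs '/libc([-.][0-9.]+)?\.so[^ /]* \(deleted\)$' "$1"
}

# stale_libc_pids [PROC_ROOT]
# Prints "PID NAME" for every process under PROC_ROOT (default /proc) that
# still maps a deleted libc. PROC_ROOT is a hypothetical parameter for testing.
stale_libc_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        uses_stale_libc "$maps" || continue
        dir=${maps%/maps}
        pid=${dir##*/}
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s %s\n' "$pid" "$name"
    done
}

# Run as root so every process's maps file is readable. No output means no
# running process still maps the old library.
stale_libc_pids
```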


What You Need To Do

We advise customers who are running affected Linux systems to patch their systems as soon as possible. You may use the instructions in the "How Can I Fix This Vulnerability?" section above to patch your system. You need to reboot your servelets / servers for the changes to take effect.

You can engage our system administration service if you need our assistance in patching your servelets / servers. To apply this fix, you may place an order by logging in to our portal and then going to Order > Additional Services > Vulnerability Fix - LINUX & WINDOWS: Linux Kernel "Use-After-Free", GNU C Library and Poodle SSLV3 Vulnerability - $10.


More information:


CVE-2015-7547 - https://access.redhat.com/security/cve/cve-2015-7547
Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547) - https://access.redhat.com/articles/2161461
USN-2900-1: GNU C Library vulnerability - http://www.ubuntu.com/usn/usn-2900-1/
CVE-2015-7547 - https://security-tracker.debian.org/tracker/CVE-2015-7547