New glibc vulnerability found: Patch for CVE-2015-7547 available now!

A new vulnerability has been found: CVE-2015-7547, a stack-based buffer overflow in glibc's getaddrinfo.

According to the CVE, “A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.”

Red Hat has released a glibc update to patch this vulnerability.

To update glibc, run:

yum clean all && yum update "glibc*"


The update has only recently been pushed to the yum mirrors, so if it is not available yet, you may need to wait until your closest mirrors have synced.
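
Updating the package does not replace library code that running processes have already loaded, so they keep using the old libresolv until they are restarted. The script below is an added example, not part of the original post: it confirms the installed glibc changelog names the CVE and lists processes that still map the replaced libraries. The function names and sample lines are constructed here, and it assumes the packager records the CVE ID in the RPM changelog.

```shell
#!/usr/bin/env bash
# Added example: checks to run after "yum update glibc*" for CVE-2015-7547.
CVE="CVE-2015-7547"

# Constructed /proc/<pid>/maps lines (not captured from a real host).
SAMPLE_STALE='7f1c2a000000-7f1c2a1b7000 r-xp 00000000 fd:00 1234 /usr/lib64/libresolv-2.17.so (deleted)'
SAMPLE_FRESH='7f1c2a000000-7f1c2a1b7000 r-xp 00000000 fd:00 5678 /usr/lib64/libresolv-2.17.so'

# stdin: RPM changelog text. Succeeds if the CVE ID appears in it.
# Assumption: the packager records the CVE ID in the changelog entry for the fix.
changelog_mentions_cve() {
    grep -q -- "$CVE"
}

# stdin: /proc/<pid>/maps text. Succeeds if the process still maps an unlinked
# copy of libc, libresolv or libnss_dns, i.e. the pre-update code is still loaded.
maps_has_stale_glibc() {
    grep -Eq '/(libc|libresolv|libnss_dns)-[0-9.]+\.so[^ ]* \(deleted\)$'
}

# Prints "PID COMMAND" for every process still running the old library code.
# Run as root so that every /proc/<pid>/maps is readable.
list_stale_processes() {
    local maps pid
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if { maps_has_stale_glibc < "$maps"; } 2>/dev/null; then
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

post_update_check() {
    if rpm -q --changelog glibc | changelog_mentions_cve; then
        echo "OK: installed glibc changelog lists $CVE"
    else
        echo "FAIL: installed glibc changelog does not list $CVE" >&2
        return 1
    fi
    echo "Processes still using pre-update glibc (restart them or reboot):"
    list_stale_processes
}

# Run the checks only when asked, e.g.: sudo bash glibc-check.sh --run
if [ "${1:-}" = "--run" ]; then
    post_update_check
fi
```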


About Author: Curtis K

Hi! My name is Curtis, and I am the creator of CentOS Blog. Please feel free to comment any suggestions, feedback or questions on my posts!

  • David

    What’s the version id we’ll see for the patched glibc?

  • Chris Weeks

    Any news on when CentOS Atomic SIG will be updated to cover this vulnerability?