New glibc vulnerability found: Patch for CVE-2015-7547 available now!

Posted by Curtis K in Announcements, CentOS 5, CentOS 6, CentOS 7, News, Security, Security Alerts Feb, 17 2016 2 Comments

A new exploit vulnerability has been found: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow .

According to the CVE, “A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.”

RedHat has released a glibc update to patch this vulnerability.

To update glibc, run:

yum clean all && yum update "glibc*"

 

The update has only recently been pushed to yum mirrors, so if not available yet, you may need to wait until your closest mirrors are synced.

Scan to Donate Bitcoin to Curtis K
Did you like this?
Tip Curtis K with Bitcoin
Donate via Installed Wallet
Tags With:
Share This Post

About Author: Curtis K

Hi! My name is Curtis, and I am the author of CentOS Blog. Please feel free to comment with any suggestions, feedback or questions!