Reference: CERT-EU Security Advisory 2016-115
Title: UPDATE CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Version history:
17/02/2016 Initial publication.

Updated
=======
CentOS has released updates to remedy the vulnerability.
F5 has published information about affected products.

Summary:
========
A vulnerability in glibc allows an unauthenticated attacker to exploit it remotely and cause:
- Denial-of-Service (DoS)
- Remote code execution (administrator / root privileges)
- Remote code execution (user)

The vulnerable glibc library is used by OpenSSH, curl, wget and sudo. Arbitrary code might be run by an application with root privileges. A Denial of Service attack might be run against servers, such as mail servers [2].

The glibc library has been updated to fix the vulnerability. Various distributions have updates available.

There is a Proof of Concept script that can be used to verify whether products are affected by this issue and which mitigation may be adopted [1],[3].

Affected Versions:
==================
Linux distributions are affected.

Recommendations:
===============
- Debian
Debian has glibc updates available for Debian 7.0 (Wheezy) and Debian 8.0 (Jessie) to correct the vulnerabilities. The updated packages can be installed with "apt-get update && apt-get upgrade". More information can be found at the page below:
https://security-tracker.debian.org/tracker/CVE-2015-7547

- Ubuntu
The problem can be corrected by updating the system. More details:
http://www.ubuntu.com/usn/usn-2900-1/

- Red Hat
Red Hat has updates available for Red Hat Enterprise Linux 6 and 7. You can install these updates through the command 'yum'. More information about these updates and about manual installation is available at:
Red Hat 6: https://rhn.redhat.com/errata/RHSA-2016-0175.html
Red Hat 7: https://rhn.redhat.com/errata/RHSA-2016-0176.html

- SUSE
SUSE has issued updates to remedy the vulnerability in SUSE Linux Enterprise 11 and 12. You can install the updated packages using 'YaST'. You can also download them manually from the SUSE FTP server (ftp.suse.com). For more information, please visit:
SUSE 11:
https://www.suse.com/support/update/announcement/2016/suse-su-20160470-1.html
https://www.suse.com/support/update/announcement/2016/suse-su-20160472-1.html
SUSE 12:
https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1.html
https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

- CentOS
You can install these updates using the command 'yum'. For more information and manual installation, see:
CentOS 6: http://permalink.gmane.org/gmane.linux.centos.announce/9664
CentOS 7: http://permalink.gmane.org/gmane.linux.centos.announce/9668

- F5
List of affected platforms:
https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html

References:
==========
[1] https://googleonlinesecurity.blogspot.be/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
[2] https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0167+1.01+Kwetsbaarheid+verholpen+in+glibc.html
[3] https://github.com/fjserna/CVE-2015-7547

Best Regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
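The package-update commands above leave one step implicit: a glibc upgrade only protects processes started after it, since long-running services keep the old library mapped until they are restarted. The following POSIX shell check is an added example written for this advisory, not CERT-EU or distribution code; it assumes a Linux /proc layout and takes the proc root as an optional argument so it can be tested against a constructed tree.

```shell
#!/bin/sh
# Added example (not part of the CERT-EU advisory): list processes that still
# map a deleted libc image after the package update, i.e. services that must
# be restarted (or the host rebooted) before CVE-2015-7547 is actually closed.
# Usage: stale_libc_pids [proc_root]   (proc_root defaults to /proc)

stale_libc_pids() {
    proc_root="${1:-/proc}"
    # Match mappings such as ".../libc-2.19.so (deleted)" or
    # ".../libc.so.6 (deleted)"; the "(deleted)" suffix means the file on disk
    # has been replaced by the update while this process still uses the old one.
    pattern='/libc(-[0-9.]+)?\.so(\.[0-9]+)? \(deleted\)$'
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries (other users' processes without root, or an
        # unexpanded glob when the directory holds no numeric entries).
        [ -r "$maps" ] || continue
        if grep -Eq "$pattern" "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            # Report the command name when /proc/<pid>/comm is available.
            comm='?'
            [ -r "$proc_root/$pid/comm" ] && comm=$(cat "$proc_root/$pid/comm")
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Convenience wrapper: exit status 1 when any stale mapping remains, so the
# check can gate a post-patch automation step.
check_stale_libc() {
    out=$(stale_libc_pids "$1")
    [ -z "$out" ] && return 0
    printf 'Processes still using the pre-update libc:\n%s\n' "$out"
    return 1
}
```

Run it as root after the update on each host; an empty result means every process is using the patched library.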