Amazon Linux AMI: Security patch for glibc (ALAS-2016-653) (CVE-2015-7547)
|7||(AV:N/AC:M/Au:N/C:P/I:P/A:P)||February 17, 2016||February 17, 2016||October 30, 2017|
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
- Gentoo Linux: CVE-2015-7547: GNU C Library: Multiple vulnerabilities
- VMSA-2016-0002: Stack buffer overflow in the glibc getaddrinfo function (CVE-2015-7547)
- FreeBSD: glibc -- getaddrinfo stack-based buffer overflow (CVE-2015-7547)
- RHSA-2016:0225: glibc security update
- Cisco NX-OS: Vulnerability in GNU glibc Affecting Cisco Products: February 2016 (CVE-2015-7547)
- ELSA-2016-0175 Critical: Oracle Linux glibc security and bug fix update
- ELSA-2016-0176 Critical: Oracle Linux glibc security and bug fix update
- RHSA-2016:0175: glibc security and bug fix update
- RHSA-2016:0176: glibc security and bug fix update