RHSA-2016:0175: glibc security and bug fix update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | February 16, 2016 | February 17, 2016 | October 30, 2017 |
Description
The glibc packages provide the standard C libraries (libc), POSIX threadlibraries (libpthread), standard math libraries (libm), and the NameServer Caching Daemon (nscd) used by multiple programs on the system.Without these libraries, the Linux system cannot function correctly.A stack-based buffer overflow was found in the way the libresolv libraryperformed dual A/AAAA DNS queries. A remote attacker could create aspecially crafted DNS response which could cause libresolv to crash or,potentially, execute code with the permissions of the user running thelibrary. Note: this issue is only exposed when libresolv is called from thenss_dns NSS service module. (CVE-2015-7547)This issue was discovered by the Google Security Team and Red Hat.This update also fixes the following bugs:All glibc users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
redhat-upgrade-glibcRelated Vulnerabilities
- Gentoo Linux: CVE-2015-7547: GNU C Library: Multiple vulnerabilities
- VMSA-2016-0002: Stack buffer overflow in the glibc getaddrinfo function (CVE-2015-7547)
- FreeBSD: glibc -- getaddrinfo stack-based buffer overflow (CVE-2015-7547)
- RHSA-2016:0225: glibc security update
- Cisco NX-OS: Vulnerability in GNU glibc Affecting Cisco Products: February 2016 (CVE-2015-7547)
- ELSA-2016-0175 Critical: Oracle Linux glibc security and bug fix update
- ELSA-2016-0176 Critical: Oracle Linux glibc security and bug fix update
- RHSA-2016:0176: glibc security and bug fix update
- Amazon Linux AMI: Security patch for glibc (ALAS-2016-653) (CVE-2015-7547)