vulnerability

RHSA-2016:0225: glibc security update

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
2016-02-16
Added
2016-02-17
Modified
2017-10-30

Description

The glibc packages provide the standard C libraries (libc), POSIX threadlibraries (libpthread), standard math libraries (libm), and the NameServer Caching Daemon (nscd) used by multiple programs on the system.Without these libraries, the Linux system cannot function correctly.A stack-based buffer overflow was found in the way the libresolv libraryperformed dual A/AAAA DNS queries. A remote attacker could create aspecially crafted DNS response which could cause libresolv to crash or,potentially, execute code with the permissions of the user running thelibrary. Note: this issue is only exposed when libresolv is called from thenss_dns NSS service module. (CVE-2015-7547)This issue was discovered by the Google Security Team and Red Hat.All glibc users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue.

Solution(s)

redhat-upgrade-glibcredhat-upgrade-glibc-commonredhat-upgrade-glibc-debuginforedhat-upgrade-glibc-debuginfo-commonredhat-upgrade-glibc-develredhat-upgrade-glibc-headersredhat-upgrade-glibc-staticredhat-upgrade-glibc-utilsredhat-upgrade-nscd
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.