Linux glibc vulnerability - CVE-2015-7547


TuxDude

Well-Known Member
It was posted in the IRC channel last night, but I don't see it anywhere in the forums here.

Extremely severe bug leaves dizzying number of software and devices vulnerable

or

Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547) - Red Hat Customer Portal

And I've also gone out and verified that FreeBSD (and so pfSense and anything else based on it) does not use glibc and is not vulnerable.


Happy patching :)

Edit: forgot to paste the CVE number into the title, and I can't edit the title, but it's CVE-2015-7547.
 

EffrafaxOfWug

Radioactive Member
Not wishing to tell people how to suck eggs, but in case people don't read the CVE, you'll also need/want to restart all of your network-facing services as well once you're patched (ideally doing a full reboot if you can afford it) to ensure that daemons don't keep old copies of the vulnerable glibc in memory. Debian at least doesn't force a restart on a glibc upgrade, so you need to do this manually.
 

mstone

Active Member
EffrafaxOfWug said: Not wishing to tell people how to suck eggs, but in case people don't read the CVE, you'll also need/want to restart all of your network-facing services as well once you're patched (ideally doing a full reboot if you can afford it) to ensure that daemons don't keep old copies of the vulnerable glibc in memory. Debian at least doesn't force a restart on a glibc upgrade, so you need to do this manually.

On Debian you can install the "needrestart" package to track that for you.
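Added example, not from the thread or from needrestart: a POSIX shell check for the situation the two posts above describe, a daemon that started before the glibc upgrade and still has the old, now unlinked, library mapped. The /proc maps lines embedded in it are constructed, and the function names are chosen here.

```shell
#!/bin/sh
# Added example (not from the thread): find daemons that still map a glibc
# that was replaced on disk. After the upgrade the old libc file is unlinked,
# so the kernel marks the mapping "(deleted)" in /proc/<pid>/maps; until that
# process restarts it keeps running the old getaddrinfo() code.

# stale_libc_maps: read /proc/<pid>/maps lines on stdin and print each glibc
# object (libc-2.xx.so or libc.so.6) whose file was deleted, one per line.
stale_libc_maps() {
    awk '$6 ~ /\/libc(-[0-9.]+)?\.so/ && $NF == "(deleted)" { print $6 }' | sort -u
}

# scan_running: walk every process in /proc and print "<pid> <comm> <path>"
# for each stale glibc mapping. Run as root, otherwise other users' maps
# are unreadable and silently skipped.
scan_running() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        stale=$( { stale_libc_maps < "$m"; } 2>/dev/null ) || continue
        [ -n "$stale" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s %s %s\n' "$pid" "$comm" "$stale"
    done
}

# Constructed sample maps (not a real capture): a daemon started before the
# upgrade, and the same daemon after a restart picked up the new library.
STALE_SAMPLE='7f2a3c000000-7f2a3c1c0000 r-xp 00000000 08:01 393354 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f2a3c1c0000-7f2a3c3c0000 ---p 001c0000 08:01 393354 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f2a3c3c8000-7f2a3c3eb000 r-xp 00000000 08:01 393349 /lib/x86_64-linux-gnu/ld-2.19.so
7ffd1e2a0000-7ffd1e2c1000 rw-p 00000000 00:00 0 [stack]'
FRESH_SAMPLE='7f2a3c000000-7f2a3c1c0000 r-xp 00000000 08:01 393360 /lib/x86_64-linux-gnu/libc-2.19.so
7ffd1e2a0000-7ffd1e2c1000 rw-p 00000000 00:00 0 [stack]'

# check_sample NAME: apply the detector to one of the constructed samples.
check_sample() {
    case "$1" in
        stale) printf '%s\n' "$STALE_SAMPLE" | stale_libc_maps ;;
        fresh) printf '%s\n' "$FRESH_SAMPLE" | stale_libc_maps ;;
    esac
}

# Pass --scan to inspect the live system; with no argument only the
# functions are defined, so the file can be sourced.
case "${1:-}" in --scan) scan_running ;; esac
```

An empty report from `scan_running` after the upgrade means no process is still holding the old library; anything listed needs a restart (or a reboot), which is what needrestart automates on Debian.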