Linux glibc vulnerability - CVE-2015-7547

TuxDude

Well-Known Member
Sep 17, 2011
It was posted in the irc channel last night, but I don't see it anywhere in the forums here.

Extremely severe bug leaves dizzying number of software and devices vulnerable

or

Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547) - Red Hat Customer Portal

And I've also gone out and verified that FreeBSD (and so pfSense and anything else based on it) does not use glibc and is not vulnerable.


Happy patching :)

Edit: forgot to paste the CVE number into the title, and I can't edit the title. But it's CVE-2015-7547.
 

EffrafaxOfWug

Radioactive Member
Feb 12, 2015
Not wishing to tell people how to suck eggs, but in case people don't read the CVE, you'll also need/want to restart all of your network-facing services as well once you're patched (ideally doing a full reboot if you can afford it) to ensure that daemons don't keep old copies of the vulnerable glibc in memory. Debian at least doesn't force a restart on a glibc upgrade, so you need to do this manually.
 

mstone

Active Member
Mar 11, 2015
EffrafaxOfWug said:
Not wishing to tell people how to suck eggs, but in case people don't read the CVE, you'll also need/want to restart all of your network-facing services as well once you're patched (ideally doing a full reboot if you can afford it) to ensure that daemons don't keep old copies of the vulnerable glibc in memory. Debian at least doesn't force a restart on a glibc upgrade, so you need to do this manually.
On Debian you can install the "needrestart" package to track that for you.
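The two posts above make the same point: after the glibc package is upgraded, any daemon that was already running keeps the old, vulnerable library mapped until it is restarted. The script below is an added example, not code from the thread or from the needrestart project. It does the core of what needrestart does for this case by hand: it scans /proc/<pid>/maps for a libc mapping marked "(deleted)", which is how the kernel reports a file that has been replaced on disk since the process mapped it. The proc root is a parameter so the check can be run against a constructed sample tree (the PIDs, command names and map lines in demo_tree are made up for the demo).

```shell
#!/bin/sh
# Added example (not from the thread): find processes that still map a
# libc whose file on disk has since been replaced by an upgrade.
# When a package manager installs a new glibc, running processes keep the
# old library mapped; /proc/<pid>/maps shows that mapping as "(deleted)".
# Those processes keep executing the unpatched code until restarted.

# Print one PID per line for every process whose maps file contains a
# deleted libc mapping. $1 is the proc root (default /proc) so the check
# can also be run against a constructed test tree.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Matches libc-2.19.so, libc.so.6 and similar, but not libcrypto/libcap.
        if grep -qE '/libc[-.][^ ]* \(deleted\)$' "$maps"; then
            pid="${maps#"$proc_root"/}"
            echo "${pid%/maps}"
        fi
    done
}

# Human-readable report, one "<pid> <command name>" per line. Returns 1 if
# any stale process exists, so it can gate a service-restart or reboot step.
report_stale_libc() {
    proc_root="${1:-/proc}"
    found=0
    for pid in $(stale_libc_pids "$proc_root"); do
        found=1
        name=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
        echo "$pid $name"
    done
    [ "$found" -eq 0 ]
}

# Constructed sample /proc tree (not real system data) for an offline run:
# pid 100 still maps the replaced libc, 200 maps the current one, and
# 300 maps a deleted libcrypto, which is not glibc and must not be flagged.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/100" "$d/200" "$d/300"
    echo '7f00-7f01 r-xp 00000000 08:01 11 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)' > "$d/100/maps"
    echo 'sshd' > "$d/100/comm"
    echo '7f00-7f01 r-xp 00000000 08:01 12 /lib/x86_64-linux-gnu/libc-2.19.so' > "$d/200/maps"
    echo 'cron' > "$d/200/comm"
    echo '7f00-7f01 r-xp 00000000 08:01 13 /usr/lib/libcrypto.so.1.0.0 (deleted)' > "$d/300/maps"
    echo 'nginx' > "$d/300/comm"
    echo "$d"
}

echo "== constructed sample tree =="
report_stale_libc "$(demo_tree)" || echo "stale libc found: restart the listed services"
echo "== this host =="
report_stale_libc /proc && echo "no process maps a replaced libc"
```

Run it as root after the glibc upgrade (non-root users can only read their own processes' maps files); an empty report is the signal that every daemon has picked up the fixed library. A full reboot makes the question moot, which is why the thread recommends it where it is affordable.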