Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Fedora 23 Glibc Security Update: Critical DNS Resolver Buffer Overflow

fedora
Calendar Grey February 17, 2016
Dist Fedora Esm H88
Essential security patch for glibc tackling DNS resolver vulnerabilities and buffer overflow in Fedora 23 update.
This updates addresses a critical security vulnerability in the DNS resolver related to `AF_UNSPEC` queries with `getaddrinfo` (CVE-2015-7547)

Summary

The glibc package contains standard libraries which are used by

multiple programs on the system. In order to save disk space and

memory, as well as to make upgrading easier, common system code is

kept in one place and shared between programs. This particular package

contains the most important sets of shared libraries: the standard C

library and the standard math library. Without these two libraries, a

Linux system will not function.

Update Information:

This updates addresses a critical security vulnerability in the DNS resolver related to `AF_UNSPEC` queries with `getaddrinfo` (CVE-2015-7547). In addition, a bug that causes Hesiod lookups to fail with a crash is fixed.

Change Log

References


[ 1 ] Bug #1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1293532

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update glibc' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: glibc
Product: Fedora 23
Version: 2.22
Release: 9.fc23
Summary: The GNU libc libraries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.