[Triumf-linux-managers] Critical update for glibc
Andrew Daviel
advax at triumf.ca
Tue Feb 16 19:12:47 PST 2016
A vulnerability has been found in glibc starting with version 2.9.
This is remotely exploitable via a rogue DNS server or MITM, so all that
is needed is to create an email or web page that has an object hosted on
a malicious domain.
Please ensure that glibc gets updated on SL6/CentOS6 onwards.
E.g. "rpm -qi glibc" "yum update glibc"
This just appeared on the mirrors for CentOS 6. It may take a bit
longer to hit the SL or TRIUMF mirrors.
Name        : glibc                            Relocations: (not relocatable)
Version     : 2.12                             Vendor: CentOS
Release     : 1.166.el6_7.7                    Build Date: Tue 16 Feb 2016 10:13:27 AM PST
Install Date: Tue 16 Feb 2016 06:43:42 PM PST  Build Host: c6b8.bsys.dev.centos.org
Group       : System Environment/Libraries     Source RPM: glibc-2.12-1.166.el6_7.7.src.rpm
For more information see CVE-2015-7547, e.g.
https://isc.sans.edu/forums/diary/CVE20157547+Critical+Vulnerability+in+glibc+getaddrinfo/20737/
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
(and various news sites as usual, such as the BBC)
There is non-weaponised proof-of-concept code available at
https://github.com/fjserna/CVE-2015-7547, which I was able to run.
Google has an actual exploit, which they are not releasing.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
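
Added example (not part of the original message): a shell check that compares an installed glibc version-release against the fixed CentOS 6 build shown in the rpm output above. The function names and the use of GNU "sort -V" as a stand-in for RPM's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message.
# Fixed CentOS 6 build, taken from the "rpm -qi glibc" output in the message.
FIXED_EL6="2.12-1.166.el6_7.7"

# Return 0 if version-release $1 is at or above $2.
# Assumption: GNU "sort -V" ordering approximates RPM's comparison closely
# enough for glibc builds within one distribution release. A plain string
# compare would not: it ranks release "1.80" above "1.166".
vr_at_least() {
    if [ "$1" = "$2" ]; then
        return 0
    fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Classify one installed glibc "version-release" string.
# Only EL6 builds are judged, because the message gives a fixed build
# for CentOS 6 only; anything else is reported as UNKNOWN.
classify_el6_glibc() {
    case "$1" in
        *.el6*) ;;
        *) echo "UNKNOWN"; return 0 ;;
    esac
    if vr_at_least "$1" "$FIXED_EL6"; then
        echo "PATCHED"
    else
        echo "VULNERABLE"
    fi
}

# Check every installed glibc package on this host. Both x86_64 and i686
# can be installed side by side, and each one needs the update.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found"; return 0; }
    rpm -q --qf '%{VERSION}-%{RELEASE} %{ARCH}\n' glibc |
    while read -r vr arch; do
        echo "glibc.$arch $vr $(classify_el6_glibc "$vr")"
    done
}

# Run the host check only when asked: sh check_glibc.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with --check before and after "yum update glibc"; every glibc line should read PATCHED once the update has reached the mirror in use.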