Article ID: 128390, created on Feb 19, 2016, last review on Feb 19, 2016

  • Applies to:
  • Operations Automation
  • Business Automation

Symptoms

A stack-based buffer overflow was found in libresolv in the code which performs dual A/AAAA DNS queries. A remote attacker could create specially crafted DNS responses which could cause libresolv to crash or potentially execute code with the permissions of the user running the library.

This issue has been rated as having Critical impact by Red Hat Product Security.

This issue did not affect the version of glibc shipped with Red Hat Enterprise Linux 5 or earlier. This issue affected the versions of glibc shipped with Red Hat Enterprise Linux 6 and 7.

Read more details on RedHat site

Resolution

Operation System Vendors already released corresponding updates for the glibc library, please update your OS following standard procedure as soon as possible:

RedHat/CentOS

Search Words

CVE-2015-7547

glibc stack-based buffer overflow in getaddrinfo()

security

CVE-2015-7547 glibc security

glibc

198398b282069eaf2d94a6af87dcb3ff caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 5356b422f65bdad1c3e9edca5d74a1ae

Email subscription for changes to this article
Save as PDF