1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Use Linux? Stop what you're doing and apply this patch

Discussion in 'CSO' started by RSS, Feb 17, 2016.

  1. RSS

    RSS New Member Member

    A buffer-overflow vulnerability uncovered Tuesday in the GNU C Library poses a serious threat to countless Linux users.

    Dating back to the release of glibc 2.9 in 2008, CVE-2015-7547 is a stack-based buffer overflow bug in the glibc DNS client-side resolver that opens the door to remote code execution when a particular library function is used. Software using the function can be exploited with attacker-controlled domain names, attacker-controlled DNS servers or man-in-the-middle attacks.

    Glibc, which was also at the core of the "Ghost" vulnerability found last year, is a C library that defines system calls and other basic functions on Linux systems. Its maintainers had apparently been alerted of the new problem last July, but it's not clear if any remediation effort was launched at that time.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page