In the past 24 hours Google has exposed a flaw in a commonly-used code called glibc, an open source library of code widely used in internet-connected devices.
Glibc is the C library that defines systems calls and other basic functions on Linux systems including the GNU OS and GNU Linux.
In a blog post Google revealed that their engineers and colleagues from Red Hat had investigated the flaw CVE-2015-7547, which is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. They explained that the flaw is triggered when the getaddrinfo() library function is used. It affects all versions of glibc issued since 2.9 back in May 2008 and was apparently reported to glibc administrators last July.
Glibc was also at the core of the Ghost vulnerability uncovered last year and the critical vulnerability exposed this time has been classed as severity one by iomart due to the possible attack vectors. It could potentially affect all Linux and Unix systems.
Here’s a summary of the patching process:
Known vulnerable systems are:
- Red Hat Enterprise Linux 6 & CentOS 6: RHSA-2016:0175-1
- Red Hat Enterprise Linux 7 & CentOS 7: RHSA-2016:0176-1
- Debian Squeeze, Wheezy, Jessy & Stretch: CVE-2015-7547
- Ubuntu 12.04 & 14.04 & 15.10 & 16.04: CVE-2015-7547
- ldd –version
Can be used to check your glibc version and it can be compared to the following tables to determine if you are vulnerable.
Distribution patch trackers
- Debian: https://security-tracker.debian.org/tracker/CVE-2015-7547
- Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html
- RedHat: https://access.redhat.com/security/cve/cve-2015-7547 ( https://isc.sans.edu/diary/CVE-2015-7547%3A+Critical+Vulnerability+in+glibc+getaddrinfo/20737 )
- SUSE: https://www.suse.com/security/cve/CVE-2015-7547.html
Details on how to patch this vulnerability
- Log in to your Linux server via SSH
If you are running CentOS, Red Hat or a derivative, run the following commands:
- sudo yum update glibc*
- sudo shutdown -r now
- If you are running Debian or a derivative, run the following commands:
- sudo apt-get update
- sudo apt-get upgrade glibc*
- sudo shutdown –r now
- **ubuntu 10.04 or 12.04 only**
- sudo apt-get update
- sudo apt-get upgrade libc6
This will patch your system to the latest release and negate the vulnerability. Please be aware the all systems must be restarted after this update has been applied and the commands above will perform this restart.
If you have any issues patching your system then please raise a ticket via your control panel and we will work with you to address this.
You can monitor updates on our status pages.