Due to a recently discovered security vulnerability in glibc, we are releasing this Core Update that contains a fix for CVE-2015-7547.

CVE-2015-7547 in glibc/getaddrinfo

The getaddrinfo() interface is glibc, the system’s main C library, is used to resolve names into IP addresses using DNS. An attacker can exploit the process in the system performing this request by sending a forged reply that is too long causing a stack buffer overflow. Code can potentially be injected and executed.

IPFire is however not directly exploitable by this vulnerability as it is using a DNS proxy, that rejects DNS responses that are too long. So IPFire itself and all systems on the network that use IPFire as DNS proxy are protected by the DNS proxy. However, we decided to push out a patch for this vulnerability as quickly as we can.

Please reboot the system after installing the update.

Published by Michael Tremer, February 22, 2016 at 9:30 pm