Details of VAR-201602-0004

ID

VAR-201602-0004

CVE

CVE-2015-7547

TITLE

glibc vulnerable to stack buffer overflow in DNS resolver

Trust: 0.8

sources: CERT/CC: VU#457759

DESCRIPTION

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. This update also fixes the following bugs: * The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with "dlopen: cannot load any more object with static TLS" should now start up correctly. (BZ#1291270) * A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. - Upgrade HP OneView to patch version 2.00.07. - HP StoreVirtual VSA Software 12.6 - HP StoreVirtual 4130 600GB SAS Storage 12.6 - HP StoreVirtual 4130 600GB China SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6 - HP StoreVirtual 4330 450GB SAS Storage 12.6 - HP StoreVirtual 4330 900GB SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6 - HP StoreVirtual 4330 450GB China SAS Storage 12.6 - HP StoreVirtual 4330 900GB China SAS Storage 12.6 - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6 - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6 - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 450GB SAS Storage 12.6 - HP StoreVirtual 4530 600GB SAS Storage 12.6 - HP StoreVirtual 4630 900GB SAS Storage 12.6 - HP StoreVirtual 4730 600GB SAS Storage 12.6 - HP StoreVirtual 4730 900GB SAS Storage 12.6 - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6 - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6 - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6 - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4335 China Hybrid Storage 12.6 - HP StoreVirtual 4335 Hybrid Storage 12.6 - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6 - HP StoreVirtual 4130 600GB China SAS Storage 12.6 - HP StoreVirtual 4130 600GB SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 450GB China SAS Storage 12.6 - HP StoreVirtual 4330 450GB SAS Storage 12.6 - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 900GB China SAS Storage 12.6 - HP StoreVirtual 4330 900GB SAS Storage 12.6 - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6 - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6 - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6 - HP StoreVirtual 4335 China Hybrid Storage 12.6 - HP StoreVirtual 4335 Hybrid SAN Solution 12.6 - HP StoreVirtual 4335 Hybrid Storage 12.6 - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6 - HP StoreVirtual 4530 450GB SAS Storage 12.6 - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 600GB SAS Storage 12.6 - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4630 900GB SAS Storage 12.6 - HP StoreVirtual 4730 600GB SAS Storage 12.6 - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4730 900GB SAS Storage 12.6 - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2015-7547 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI d=emr_na-c01345499 RESOLUTION HPE has made the following software updates available to resolve the vulnerability with glibc for all of the impacted HPE StoreVirtual products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security update Advisory ID: RHSA-2016:0225-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0225.html Issue date: 2016-02-16 CVE Names: CVE-2015-7547 ===================================================================== 1. Summary: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.6): Source: glibc-2.12-1.149.el6_6.11.src.rpm x86_64: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-2.12-1.149.el6_6.11.x86_64.rpm glibc-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm nscd-2.12-1.149.el6_6.11.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6): x86_64: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.2): Source: glibc-2.12-1.47.el6_2.17.src.rpm x86_64: glibc-2.12-1.47.el6_2.17.i686.rpm glibc-2.12-1.47.el6_2.17.x86_64.rpm glibc-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-devel-2.12-1.47.el6_2.17.i686.rpm glibc-devel-2.12-1.47.el6_2.17.x86_64.rpm glibc-headers-2.12-1.47.el6_2.17.x86_64.rpm glibc-utils-2.12-1.47.el6_2.17.x86_64.rpm nscd-2.12-1.47.el6_2.17.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.9.src.rpm x86_64: glibc-2.12-1.107.el6_4.9.i686.rpm glibc-2.12-1.107.el6_4.9.x86_64.rpm glibc-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-devel-2.12-1.107.el6_4.9.i686.rpm glibc-devel-2.12-1.107.el6_4.9.x86_64.rpm glibc-headers-2.12-1.107.el6_4.9.x86_64.rpm glibc-utils-2.12-1.107.el6_4.9.x86_64.rpm nscd-2.12-1.107.el6_4.9.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.7.src.rpm x86_64: glibc-2.12-1.132.el6_5.7.i686.rpm glibc-2.12-1.132.el6_5.7.x86_64.rpm glibc-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-devel-2.12-1.132.el6_5.7.i686.rpm glibc-devel-2.12-1.132.el6_5.7.x86_64.rpm glibc-headers-2.12-1.132.el6_5.7.x86_64.rpm glibc-utils-2.12-1.132.el6_5.7.x86_64.rpm nscd-2.12-1.132.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.6): Source: glibc-2.12-1.149.el6_6.11.src.rpm i386: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-headers-2.12-1.149.el6_6.11.i686.rpm glibc-utils-2.12-1.149.el6_6.11.i686.rpm nscd-2.12-1.149.el6_6.11.i686.rpm ppc64: glibc-2.12-1.149.el6_6.11.ppc.rpm glibc-2.12-1.149.el6_6.11.ppc64.rpm glibc-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-devel-2.12-1.149.el6_6.11.ppc.rpm glibc-devel-2.12-1.149.el6_6.11.ppc64.rpm glibc-headers-2.12-1.149.el6_6.11.ppc64.rpm glibc-utils-2.12-1.149.el6_6.11.ppc64.rpm nscd-2.12-1.149.el6_6.11.ppc64.rpm s390x: glibc-2.12-1.149.el6_6.11.s390.rpm glibc-2.12-1.149.el6_6.11.s390x.rpm glibc-common-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm glibc-devel-2.12-1.149.el6_6.11.s390.rpm glibc-devel-2.12-1.149.el6_6.11.s390x.rpm glibc-headers-2.12-1.149.el6_6.11.s390x.rpm glibc-utils-2.12-1.149.el6_6.11.s390x.rpm nscd-2.12-1.149.el6_6.11.s390x.rpm x86_64: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-2.12-1.149.el6_6.11.x86_64.rpm glibc-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm nscd-2.12-1.149.el6_6.11.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: glibc-2.12-1.47.el6_2.17.src.rpm x86_64: glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-static-2.12-1.47.el6_2.17.i686.rpm glibc-static-2.12-1.47.el6_2.17.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.9.src.rpm x86_64: glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-static-2.12-1.107.el6_4.9.i686.rpm glibc-static-2.12-1.107.el6_4.9.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.7.src.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-static-2.12-1.132.el6_5.7.i686.rpm glibc-static-2.12-1.132.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.6): i386: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm ppc64: glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-static-2.12-1.149.el6_6.11.ppc.rpm glibc-static-2.12-1.149.el6_6.11.ppc64.rpm s390x: glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm glibc-static-2.12-1.149.el6_6.11.s390.rpm glibc-static-2.12-1.149.el6_6.11.s390x.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.x86_64.rpm Red Hat Enterprise Linux ComputeNode EUS (v. 7.1): Source: glibc-2.17-79.el7_1.4.src.rpm x86_64: glibc-2.17-79.el7_1.4.i686.rpm glibc-2.17-79.el7_1.4.x86_64.rpm glibc-common-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-devel-2.17-79.el7_1.4.i686.rpm glibc-devel-2.17-79.el7_1.4.x86_64.rpm glibc-headers-2.17-79.el7_1.4.x86_64.rpm glibc-utils-2.17-79.el7_1.4.x86_64.rpm nscd-2.17-79.el7_1.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1): x86_64: glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-static-2.17-79.el7_1.4.i686.rpm glibc-static-2.17-79.el7_1.4.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: glibc-2.17-79.el7_1.4.src.rpm ppc64: glibc-2.17-79.el7_1.4.ppc.rpm glibc-2.17-79.el7_1.4.ppc64.rpm glibc-common-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm glibc-devel-2.17-79.el7_1.4.ppc.rpm glibc-devel-2.17-79.el7_1.4.ppc64.rpm glibc-headers-2.17-79.el7_1.4.ppc64.rpm glibc-utils-2.17-79.el7_1.4.ppc64.rpm nscd-2.17-79.el7_1.4.ppc64.rpm s390x: glibc-2.17-79.el7_1.4.s390.rpm glibc-2.17-79.el7_1.4.s390x.rpm glibc-common-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm glibc-devel-2.17-79.el7_1.4.s390.rpm glibc-devel-2.17-79.el7_1.4.s390x.rpm glibc-headers-2.17-79.el7_1.4.s390x.rpm glibc-utils-2.17-79.el7_1.4.s390x.rpm nscd-2.17-79.el7_1.4.s390x.rpm x86_64: glibc-2.17-79.el7_1.4.i686.rpm glibc-2.17-79.el7_1.4.x86_64.rpm glibc-common-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-devel-2.17-79.el7_1.4.i686.rpm glibc-devel-2.17-79.el7_1.4.x86_64.rpm glibc-headers-2.17-79.el7_1.4.x86_64.rpm glibc-utils-2.17-79.el7_1.4.x86_64.rpm nscd-2.17-79.el7_1.4.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: glibc-2.17-79.ael7b_1.4.src.rpm ppc64le: glibc-2.17-79.ael7b_1.4.ppc64le.rpm glibc-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-devel-2.17-79.ael7b_1.4.ppc64le.rpm glibc-headers-2.17-79.ael7b_1.4.ppc64le.rpm glibc-utils-2.17-79.ael7b_1.4.ppc64le.rpm nscd-2.17-79.ael7b_1.4.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64: glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm glibc-static-2.17-79.el7_1.4.ppc.rpm glibc-static-2.17-79.el7_1.4.ppc64.rpm s390x: glibc-debuginfo-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm glibc-static-2.17-79.el7_1.4.s390.rpm glibc-static-2.17-79.el7_1.4.s390x.rpm x86_64: glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-static-2.17-79.el7_1.4.i686.rpm glibc-static-2.17-79.el7_1.4.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64le: glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-static-2.17-79.ael7b_1.4.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/articles/2161461 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWw0rVXlSAg2UNWIIRAoWoAJ93rclEfn9JUszTFNh+0YlrV1LDvgCdHL4z ZcaJTtI1osFTTkgVY6t05d0= =2Ia0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04989404 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04989404 Version: 1 HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-02-18 Last Updated: 2016-02-18 Potential Security Impact: Remote Arbitrary Code Execution Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code. - Helion Eucalyptus Node Controller (NC) components are confirmed to be affected by the vulnerability. Other Helion Eucalyptus components and pre-bundled service EMIs do not directly expose the vulnerability, but because glibc is a commonly used library on Linux, the exact exposure is hard to determine. Any software performing domain name resolution is potentially vulnerable. References: - CVE-2015-7547 - PSRT110035 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE Helion Eucalyptus 4.2.1 and earlier - HPE Helion Eucalyptus Service EMIs for Load Balancing and Imaging services package "eucalyptus-service-image-1.48-0.87.99" and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-7547 (AV:N/AC:H/Au:N/C:N/I:C/A:P) 6.1 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has made the following software updates and workaround information available to resolve the vulnerability with glibc for HPE Helion Eucalyptus. + All hosts running HPE Helion Eucalyptus services should be upgraded to the latest glibc. Updated glibc packages are available for RHEL and CentOS: https://access.redhat.com/articles/2161461 **RHEL Note:** After following the guidelines for RHEL, a reboot is the safest and recommended way to ensure that updates takes effect for all services. + New Helion Eucalyptus Service EMIs will be made available soon in the Eucalyptus software repositories at: http://downloads.eucalyptus.com/software/eucalyptus/4.2/ **Note:** This security bulletin will be revised when those updates are available. Until Helion Eucalyptus EMI updates are available, the following workaround is available to update the instances launched from eucalyptus-service-image-1.48-0.87.99 and earlier to the latest glibc packages. **Workaround:** As a cloud administrator: 1) create an update-glibc script with the following content: #! /bin/bash yum update -y glibc 2) set the following cloud properties to use that script on instance start: euctl services.imaging.worker.init_script=@update-glibc euctl services.loadbalancing.worker.init_script=@update-glibc This script will be automatically executed for each of the new instances started from the service image. For instances that are already running, the cloud administrator will need to terminate them and start again for the script to take effect. More specifically, for the Load Balancing service, the cloud admin needs to find all instances running under the "(eucalyptus)loadbalancing" account: # euare-accountlist | grep loadbalancing (eucalyptus)loadbalancing <accnt_id> # euca-describe-instances verbose | grep <accnt_id> And terminate them using euca-terminate-instances. New updated instances will be started automatically after that. For the Imaging Service, the imaging worker needs to be terminated and started again: # esi-manage-stack -a delete imaging # esi-manage-stack -a create imaging HISTORY Version:1 (rev.1) - 17 February 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The first vulnerability listed below is considered to have critical impact. CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services. CVE-2015-8776 Adam Nielsen discovered that if an invalid separated time value is passed to strftime, the strftime function could crash or leak information. Applications normally pass only valid time information to strftime; no affected applications are known. CVE-2015-8778 Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments. No impacted applications are known at this time. CVE-2015-8779 The catopen function contains several unbound stack allocations (stack overflows), causing it the crash the process (denial of service). No applications where this issue has a security impact are currently known. While it is only necessary to ensure that all processes are not using the old glibc anymore, it is recommended to reboot the machines after applying the security upgrade. For the stable distribution (jessie), these problems have been fixed in version 2.19-18+deb8u3. For the unstable distribution (sid), these problems will be fixed in version 2.21-8

Trust: 3.15

sources: NVD: CVE-2015-7547 // CERT/CC: VU#457759 // CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // PACKETSTORM: 135789 // PACKETSTORM: 137497 // PACKETSTORM: 138068 // PACKETSTORM: 137112 // PACKETSTORM: 135791 // PACKETSTORM: 135853 // PACKETSTORM: 136325 // PACKETSTORM: 136988 // PACKETSTORM: 135800 // PACKETSTORM: 135971

AFFECTED PRODUCTS

vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 2.0
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	1.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.19	Trust: 1.0
vendor:	sophos	model:	unified threat management software	scope:	eq	version:	9.319	Trust: 1.0
vendor:	hp	model:	helion openstack	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.21	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.10.1	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.14.1	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.18	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	hp	model:	server migration pack	scope:	eq	version:	7.5	Trust: 1.0
vendor:	sophos	model:	unified threat management software	scope:	eq	version:	9.355	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	2.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	11.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12.2	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	hp	model:	helion openstack	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.20	Trust: 1.0
vendor:	hp	model:	helion openstack	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.13	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12.1	Trust: 1.0
vendor:	oracle	model:	fujitsu m10	scope:	lte	version:	2290	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.9	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.14	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.3	Trust: 1.0
vendor:	suse	model:	linux enterprise debuginfo	scope:	eq	version:	11.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.22	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.10	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.15	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.17	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.16	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11.0	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11.0	Trust: 1.0
vendor:	android open source	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	arista	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	centos	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gnu glibc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gentoo linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gnu	model:	glibc	scope:	gt	version:	2.9	Trust: 0.6
vendor:	siemens	model:	ape	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	basic rt	scope:	eq	version:	v13	Trust: 0.6
vendor:	siemens	model:	rox ii os	scope:	gte	version:	v2.3.0<=v2.9.0	Trust: 0.6
vendor:	siemens	model:	scalance m-800 s615	scope:	eq	version:	/	Trust: 0.6
vendor:	siemens	model:	sinema remote connect	scope:	lt	version:	v1.2	Trust: 0.6

sources: CERT/CC: VU#457759 // CNVD: CNVD-2016-01100 // NVD: CVE-2015-7547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7547
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7547
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-01100
value:	HIGH
Trust: 0.6
VULHUB:	VHN-85508
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7547
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2015-7547
severity:	HIGH
baseScore:	10.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-01100
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-85508
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7547
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CERT/CC: VU#457759 // CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // NVD: CVE-2015-7547

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.1

sources: VULHUB: VHN-85508 // NVD: CVE-2015-7547

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 135789 // PACKETSTORM: 135791

TYPE

overflow, arbitrary

Trust: 0.5

sources: PACKETSTORM: 137497 // PACKETSTORM: 138068 // PACKETSTORM: 137112 // PACKETSTORM: 136325 // PACKETSTORM: 135971

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#457759 // VULHUB: VHN-85508

PATCH

title:

Patch for GNU glibc getaddrinfo () stack buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/71529

Trust: 0.6

sources: CNVD: CNVD-2016-01100

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7547	Trust: 3.5
db:	CERT/CC	id:	VU#457759	Trust: 1.9
db:	BID	id:	83265	Trust: 1.7
db:	EXPLOIT-DB	id:	39454	Trust: 1.1
db:	EXPLOIT-DB	id:	40339	Trust: 1.1
db:	MCAFEE	id:	SB10150	Trust: 1.1
db:	PACKETSTORM	id:	167552	Trust: 1.1
db:	PACKETSTORM	id:	164014	Trust: 1.1
db:	PACKETSTORM	id:	135802	Trust: 1.1
db:	PACKETSTORM	id:	154361	Trust: 1.1
db:	SECTRACK	id:	1035020	Trust: 1.1
db:	PULSESECURE	id:	SA40161	Trust: 1.1
db:	TENABLE	id:	TRA-2017-08	Trust: 1.1
db:	ICS CERT	id:	ICSA-16-103-01	Trust: 1.1
db:	SIEMENS	id:	SSA-301706	Trust: 0.6
db:	CNVD	id:	CNVD-2016-01100	Trust: 0.6
db:	PACKETSTORM	id:	135971	Trust: 0.2
db:	PACKETSTORM	id:	137497	Trust: 0.2
db:	PACKETSTORM	id:	135791	Trust: 0.2
db:	PACKETSTORM	id:	136988	Trust: 0.2
db:	PACKETSTORM	id:	138068	Trust: 0.2
db:	PACKETSTORM	id:	135853	Trust: 0.2
db:	PACKETSTORM	id:	137112	Trust: 0.2
db:	PACKETSTORM	id:	136325	Trust: 0.2
db:	PACKETSTORM	id:	135800	Trust: 0.2
db:	PACKETSTORM	id:	135789	Trust: 0.2
db:	PACKETSTORM	id:	136808	Trust: 0.1
db:	PACKETSTORM	id:	135856	Trust: 0.1
db:	PACKETSTORM	id:	136976	Trust: 0.1
db:	PACKETSTORM	id:	136881	Trust: 0.1
db:	PACKETSTORM	id:	135911	Trust: 0.1
db:	PACKETSTORM	id:	137351	Trust: 0.1
db:	PACKETSTORM	id:	135801	Trust: 0.1
db:	PACKETSTORM	id:	136985	Trust: 0.1
db:	PACKETSTORM	id:	138601	Trust: 0.1
db:	PACKETSTORM	id:	136048	Trust: 0.1
db:	CNNVD	id:	CNNVD-201602-348	Trust: 0.1
db:	SEEBUG	id:	SSVID-90749	Trust: 0.1
db:	VULHUB	id:	VHN-85508	Trust: 0.1

sources: CERT/CC: VU#457759 // CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // PACKETSTORM: 135789 // PACKETSTORM: 137497 // PACKETSTORM: 138068 // PACKETSTORM: 137112 // PACKETSTORM: 135791 // PACKETSTORM: 135853 // PACKETSTORM: 136325 // PACKETSTORM: 136988 // PACKETSTORM: 135800 // PACKETSTORM: 135971 // NVD: CVE-2015-7547

REFERENCES

url:	https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html	Trust: 3.3
url:	https://sourceware.org/bugzilla/show_bug.cgi?id=18665	Trust: 1.9
url:	https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html	Trust: 1.9
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17	Trust: 1.9
url:	https://bto.bluecoat.com/security-advisory/sa114	Trust: 1.9
url:	http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow	Trust: 1.9
url:	https://access.redhat.com/articles/2161461	Trust: 1.4
url:	http://rhn.redhat.com/errata/rhsa-2016-0175.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-0225.html	Trust: 1.2
url:	http://www.securitytracker.com/id/1035020	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2019/sep/7	Trust: 1.1
url:	https://seclists.org/bugtraq/2019/sep/7	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2021/sep/0	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/jun/36	Trust: 1.1
url:	https://www.exploit-db.com/exploits/39454/	Trust: 1.1
url:	https://www.exploit-db.com/exploits/40339/	Trust: 1.1
url:	http://www.securityfocus.com/bid/83265	Trust: 1.1
url:	http://www.debian.org/security/2016/dsa-3480	Trust: 1.1
url:	http://www.debian.org/security/2016/dsa-3481	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177412.html	Trust: 1.1
url:	https://security.gentoo.org/glsa/201602-02	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2016-0176.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2016-0277.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html	Trust: 1.1
url:	http://ubuntu.com/usn/usn-2900-1	Trust: 1.1
url:	https://www.kb.cert.org/vuls/id/457759	Trust: 1.1
url:	http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow	Trust: 1.1
url:	http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-stack-based-buffer-overflow.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html	Trust: 1.1
url:	http://support.citrix.com/article/ctx206991	Trust: 1.1
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Trust: 1.1
url:	http://www.vmware.com/security/advisories/vmsa-2016-0002.html	Trust: 1.1
url:	https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/	Trust: 1.1
url:	https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	Trust: 1.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1293532	Trust: 1.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073516	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05176716	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722	Trust: 1.1
url:	https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsa-16-103-01	Trust: 1.1
url:	https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40161	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20160217-0002/	Trust: 1.1
url:	https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html	Trust: 1.1
url:	https://support.lenovo.com/us/en/product_security/len_5450	Trust: 1.1
url:	https://www.tenable.com/security/research/tra-2017-08	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2015-7547	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7547	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=146161017210491&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=145857691004892&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=145596041017029&w=2	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10150	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=145690841819314&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=145672440608228&w=2	Trust: 1.0
url:	https://sourceware.org/glibc/wiki/glibc%20timeline	Trust: 0.8
url:	https://www.centos.org/forums/viewtopic.php?t=56467	Trust: 0.8
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160218-glibc	Trust: 0.8
url:	https://lists.debian.org/debian-lts-announce/2016/02/msg00009.html	Trust: 0.8
url:	http://www.ubuntu.com/usn/usn-2900-1/	Trust: 0.8
url:	http://forums.juniper.net/t5/security-incident-response/glibc-getaddrinfo-stack-based-buffer-overflow-cve-2015-7547/ba-p/288261	Trust: 0.8
url:	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n	Trust: 0.7
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.7
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.7
url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf	Trust: 0.6
url:	https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html	Trust: 0.6
url:	https://isc.sans.edu/diary/cve-2015-7547	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	http://marc.info/?l=bugtraq&m=145690841819314&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=145596041017029&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=145672440608228&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=145857691004892&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=146161017210491&w=2	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10150	Trust: 0.1
url:	https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnu	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0705	Trust: 0.1
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.1
url:	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci	Trust: 0.1
url:	http://downloads.eucalyptus.com/software/eucalyptus/4.2/	Trust: 0.1
url:	https://helion.hpwsportal.com	Trust: 0.1
url:	https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222804%22%7d/s	Trust: 0.1
url:	https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222800%22%7d/s	Trust: 0.1
url:	http://docs.hpcloud.com/#devplatform/2.0/gibcpatch/devplatform.glibc_patch.ht	Trust: 0.1
url:	https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222955%22%7d/s	Trust: 0.1
url:	https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222923%22%7d/s	Trust: 0.1
url:	https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0728	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8776	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8779	Trust: 0.1

CREDITS

Trust: 0.7

sources: PACKETSTORM: 137497 // PACKETSTORM: 138068 // PACKETSTORM: 137112 // PACKETSTORM: 135853 // PACKETSTORM: 136325 // PACKETSTORM: 136988 // PACKETSTORM: 135971

SOURCES

db:	CERT/CC	id:	VU#457759
db:	CNVD	id:	CNVD-2016-01100
db:	VULHUB	id:	VHN-85508
db:	PACKETSTORM	id:	135789
db:	PACKETSTORM	id:	137497
db:	PACKETSTORM	id:	138068
db:	PACKETSTORM	id:	137112
db:	PACKETSTORM	id:	135791
db:	PACKETSTORM	id:	135853
db:	PACKETSTORM	id:	136325
db:	PACKETSTORM	id:	136988
db:	PACKETSTORM	id:	135800
db:	PACKETSTORM	id:	135971
db:	NVD	id:	CVE-2015-7547

LAST UPDATE DATE

2025-01-03T19:45:06.569000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#457759	date:	2016-03-14T00:00:00
db:	CNVD	id:	CNVD-2016-01100	date:	2016-07-12T00:00:00
db:	VULHUB	id:	VHN-85508	date:	2023-02-12T00:00:00
db:	NVD	id:	CVE-2015-7547	date:	2024-11-21T02:36:57.503

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#457759	date:	2016-02-17T00:00:00
db:	CNVD	id:	CNVD-2016-01100	date:	2016-02-18T00:00:00
db:	VULHUB	id:	VHN-85508	date:	2016-02-18T00:00:00
db:	PACKETSTORM	id:	135789	date:	2016-02-16T17:17:25
db:	PACKETSTORM	id:	137497	date:	2016-06-16T15:13:17
db:	PACKETSTORM	id:	138068	date:	2016-07-27T14:25:21
db:	PACKETSTORM	id:	137112	date:	2016-05-18T23:31:21
db:	PACKETSTORM	id:	135791	date:	2016-02-16T17:17:58
db:	PACKETSTORM	id:	135853	date:	2016-02-19T22:33:00
db:	PACKETSTORM	id:	136325	date:	2016-03-22T00:03:01
db:	PACKETSTORM	id:	136988	date:	2016-05-13T16:14:06
db:	PACKETSTORM	id:	135800	date:	2016-02-17T01:01:16
db:	PACKETSTORM	id:	135971	date:	2016-02-26T19:32:00
db:	NVD	id:	CVE-2015-7547	date:	2016-02-18T21:59:00.120