CVE-2015-7547 glibc

Version 3

    Verified Product Versions

    LANDESK Management Suite 9.5
    LANDESK Management Suite 9.6
    LANDESK Management Suite 2016.x

    LANDESK is aware of the vulnerability in glibc, which is currently used by our Cloud Services Appliance (CSA). CSA 4.3 patch 176 resolves this, as it includes an updated glibc package that corrects the vulnerability. To update your CSA, please see this page: How To: Download and Patch the 4.3 Cloud Service Appliance Manually

     

    What is this vulnerability?

     

    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

     

    For more information, please see the CVE entry: CVE-2015-7547

    For more information, see also the Google Online Security Blog: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
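The CVE text above bounds the affected library as glibc "before 2.23". The following is an added example, not LANDESK or glibc project code, that reports whether the glibc loaded by a process falls in that upstream range; the helper name `glibc_before_fixed` is hypothetical. It assumes upstream version numbering only: distribution and appliance packages can carry the fix under an older version number, so a "before 2.23" result means the vendor patch level still has to be confirmed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version() */
#endif

/* First upstream release outside the "before 2.23" range in the CVE text. */
#define FIXED_MAJOR 2
#define FIXED_MINOR 23

/*
 * Classify an upstream glibc version string such as "2.22" or "2.17.90".
 * Returns 1 if it is before 2.23, 0 if it is 2.23 or later, -1 if unparsable.
 * Components are compared as integers, so "2.9" is correctly older than "2.23".
 */
int glibc_before_fixed(const char *ver)
{
    char *end;
    long major, minor;

    if (ver == NULL || *ver < '0' || *ver > '9')
        return -1;
    errno = 0;
    major = strtol(ver, &end, 10);
    if (errno || *end != '.' || end[1] < '0' || end[1] > '9')
        return -1;
    minor = strtol(end + 1, &end, 10);
    if (errno || (*end != '\0' && *end != '.' && *end != '-'))
        return -1;
    if (major != FIXED_MAJOR)
        return major < FIXED_MAJOR;
    return minor < FIXED_MINOR;
}

int main(void)
{
#ifdef __GLIBC__
    const char *ver = gnu_get_libc_version();  /* libc loaded at run time */
    int r = glibc_before_fixed(ver);
    printf("glibc %s: %s\n", ver,
           r == 1 ? "before 2.23, confirm the vendor has shipped the fix" :
           r == 0 ? "2.23 or later" : "version string not understood");
    return r == 1;
#else
    puts("not linked against glibc");
    return 0;
#endif
}
```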

     

    Affected Product(s)

    LANDESK Cloud Services Appliance version 4.3 with patch level of 175 or lower