TPS-2016-004: CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow

Joyent engineers are aware of CVE-2015-7547, a security vulnerability in glibc believed to be present in all versions of glibc since 2.9. The glibc client-side DNS resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited through attacker-controlled domain names, attacker-controlled DNS servers, or a man-in-the-middle attack.

Joyent customers using glibc in their Docker containers, LX zones, or KVM instances are advised to update glibc if they are on a vulnerable version. If the vulnerability is detected, a patch for it, along with a more detailed technical explanation, is available here.
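
A check that follows from the advice above, as an added example rather than Joyent's own tooling: it tests a glibc version string against the advisory's 2.9 lower bound and, going one step beyond the advisory, lists processes that still map a libc file replaced by an update and so keep running the old code until restarted. The function names and the `--report` flag are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not Joyent tooling. The 2.9 lower bound comes from the advisory.

# Exit 0 if a version string ("glibc 2.19", "2.9", "2.19-18+deb8u3") is 2.9 or
# later, 1 if older, 2 if it is not a glibc version. Being in range does not
# prove exposure: distributions backport the fix without changing this number.
glibc_in_advisory_range() {
    local ver major rest minor
    ver=${1#glibc }                  # getconf prints "glibc X.Y"
    major=${ver%%.*}
    rest=${ver#"$major"}; rest=${rest#.}
    minor=${rest%%[!0-9]*}           # leading digits only
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 9 ]; }
}

# Print PIDs under proc root $1 (default /proc) whose maps still reference a
# libc file that was replaced on disk. Those processes run the pre-update code
# until they are restarted.
stale_libc_pids() {
    local root maps pid
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc[-.][^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Run with --report (a flag of this example) to check the local system.
if [ "${1:-}" = "--report" ]; then
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null || true)
    if glibc_in_advisory_range "$v"; then
        echo "$v: in advisory range, confirm the distribution's fixed package is installed"
    else
        echo "${v:-no glibc detected}: outside the advisory range"
    fi
    stale_libc_pids | sed 's/^/still mapping old libc, restart pid /'
fi
```

Reading the maps of other users' processes requires root, so run the report as root for a complete list.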

Please also check the notices applicable to the Linux distribution you are using for the necessary remedial actions, such as:

If you have any further questions or concerns, please contact Joyent Support by submitting a request at the Customer Support Portal or via email to support@joyent.com.