Joyent Engineers are aware of the glibc (CVE-2015-7547) security vulnerability believed to be found in all versions of the glibc since 2.9. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.
For any Joyent customers using glibc in their [Docker containers2], LX zones, or KVM instances, it is advised to update glibc if you are on a vulnerable version. If the vulnerability is detected, a patch for this exploit, along with a more detailed technical explanation, is available here.
Please also check the notices applicable to the Linux Distro you are using for the necessary remedial actions, such as:
- Debian: https://security-tracker.debian.org/tracker/CVE-2015-7547
- Centos/Red Hat/Fedora: https://access.redhat.com/security/cve/cve-2015-7547
- Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html