CVE-2015-7547: getaddrinfo() stack-based buffer overflow

John W. Blue john.blue at rrcic.com
Wed Feb 17 16:46:12 UTC 2016


I agree with Reindl, but (at the risk of this sounding bad) it also underscores why it is important to be proactive in management of risk and change.

If you don't know what you don't know, that is very risky behavior.  If there is a collective freak out on what to do to get something fixed regardless of the pain and suffering, well... that is poor change management.  The good news is that both of those over-arching issues are addressable.

John

-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Reindl Harald
Sent: Wednesday, February 17, 2016 10:34 AM
To: bind-users at lists.isc.org
Subject: Re: CVE-2015-7547: getaddrinfo() stack-based buffer overflow



Am 17.02.2016 um 17:22 schrieb Dominique Jullier:
> Are there any thoughts around how to handle yesterday's glibc 
> vulnerability[1][2] from the side of bind?
>
> Since it is a rather painful task in order to update all hosts to a 
> new version of glibc, we were thinking about other possible 
> workarounds

Fedora, RHEL and Debian as well as likely all other relevant distributions are providing a patched glibc - dunno what is "rather painful" to apply an ordinary update like kernel security updates and restart all network relevant processes or reboot
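The "restart all network relevant processes" step is the one that is easiest to miss: a process that was started before the glibc package update keeps the old, vulnerable libc mapped until it is restarted, even though the file on disk is now patched. The following POSIX shell script is an added example, not part of this thread or of any distribution's tooling. It relies on the Linux kernel marking a mapping whose backing file has been replaced with "(deleted)" in /proc/PID/maps; the sample maps lines at the bottom are constructed for illustration, and the libc file names in them are assumptions, not a statement about which version fixes the CVE.

```shell
#!/bin/sh
# Added example (not from the thread): after the glibc update is installed,
# find processes that still have the OLD libc mapped, i.e. were not restarted.
# Linux shows a mapping whose file was replaced on disk as "... (deleted)".

# Return 0 (true) if the given /proc/PID/maps text contains a stale libc mapping.
# The pattern matches "libc-<ver>.so" and "libc.so.6" style names but not
# libcrypto/libcurl, because the character after "libc" must be '-' or '.'.
maps_has_stale_libc() {
    printf '%s\n' "$1" | grep -q 'libc[-.][^ ]*so[^ ]*.*(deleted)'
}

# Walk every live process and print "PID command" for each one holding a
# stale libc. Reading another user's maps file requires root; unreadable
# entries are skipped rather than reported as clean.
list_stale_libc_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        [ -r "$maps" ] || continue
        if maps_has_stale_libc "$(cat "$maps" 2>/dev/null)"; then
            printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
        fi
    done
}

# Constructed sample maps lines (assumed file names, not captured from a real host):
# a process still using the replaced library, and one started after the update.
SAMPLE_STALE='7f1a2b000000-7f1a2b1c0000 r-xp 00000000 08:01 131073 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)'
SAMPLE_FRESH='7f1a2b000000-7f1a2b1c0000 r-xp 00000000 08:01 131080 /lib/x86_64-linux-gnu/libc-2.19.so'

# Run "sh stale_libc.sh --scan" as root to report processes needing a restart.
if [ "${1:-}" = "--scan" ]; then
    list_stale_libc_processes
fi
```

Any daemon the script lists (named, sshd, the MTA, and so on) is still running the pre-update code; restarting it, or rebooting as Reindl suggests, is what actually closes the hole, and an empty result is the evidence to record once that has been done.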
