Major Bug in glibc Could Result in System Compromise
Google's Security team has reported a problem with the popular glibc library found in most Linux systems that could result in a serious security breach. The problem affects glibc version 2.9 and later. Specifically, the glibc client-side DNS resolver is vulnerable to a buffer overflow attack that could cause the system to access an attacker-controlled website or DNS server.
The post in the Google security blog reports that the glibc team was first alerted to the bug in July 2015 and that Red Hat has also been working on a fix for this problem. The best remedy is to update your systems and install the patch for CVE-2015-7547 as soon as possible.
If you are not immediately able to patch glibc, Google recommends you “… limit the response (i.e., via DNSMasq or similar programs) sizes accepted by the DNS resolver locally as well as ensure that DNS queries are sent only to DNS servers that limit the response size for UDP responses with the truncation bit set.”
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.