Due to a recently discovered security vulnerability in glibc, we are releasing this Core Update that contains a fix for CVE-2015-7547.
CVE-2015-7547 in glibc/getaddrinfo
The getaddrinfo()
interface is glibc, the system’s main C library, is used to resolve names into IP addresses using DNS. An attacker can exploit the process in the system performing this request by sending a forged reply that is too long causing a stack buffer overflow. Code can potentially be injected and executed.
IPFire is however not directly exploitable by this vulnerability as it is using a DNS proxy, that rejects DNS responses that are too long. So IPFire itself and all systems on the network that use IPFire as DNS proxy are protected by the DNS proxy. However, we decided to push out a patch for this vulnerability as quickly as we can.
You will find the update in the testing tree as usual. We are looking forward to hear your feedback to be able to release this Core Update as soon as possible.