Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 18 replies
  • Answers 2 answers
  • Subscribers 13 subscribers
  • Views 28449 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CVE-2015-7547 status/fix ?

StephaneGROBETY

Hello,


I would like to know the status of UTM 9 regarding the newly discovered bug in glibc CVE-2015-7547 (buffer overflow in getaddrinfo()). it looks like the current version is vulnerable and therefore will require a fix.

I don't think there is a workaround possible: the suggested ones all resolve around blocking UDP DNS packets larger than 512 bytes and I don't think that is possible in UTM.



This thread was automatically locked due to age.
Parents
  • 0
    As this seems to be a huge problem I suspect Sophos to keep us updated via their blog. We are also waiting for a confirmation of the info this technican gave you. Don't get me wrong - thanks for that info - but there must be an official release note for this to make me believe it.
Reply
  • 0
    As this seems to be a huge problem I suspect Sophos to keep us updated via their blog. We are also waiting for a confirmation of the info this technican gave you. Don't get me wrong - thanks for that info - but there must be an official release note for this to make me believe it.
Children
No Data