
CVE-2015-7547 status/fix ?

Hello,


I would like to know the status of UTM 9 regarding the newly discovered bug in glibc, CVE-2015-7547 (buffer overflow in getaddrinfo()). It looks like the current version is vulnerable and therefore will require a fix.

I don't think there is a workaround possible: the suggested ones all revolve around blocking UDP DNS packets larger than 512 bytes, and I don't think that is possible in UTM.



This thread was automatically locked due to age.
  • Thanks Thomas!

    @teched: Oh dear... that reminds me of one of these big issues of the last years - was it Heartbleed? - don't remember.
    It took a huge amount of time for the fix to show up AND it was a broken fix. Hell broke loose these days.

    But I see no reason to complain yet - they planned the fix properly and the risk is ... soso...
    So let them do their job and let them do it properly. As Thomas stated: risking to break things is the worst option.