Vulnerability in glibc (CVE-2015-7547)

Last update: 20 February 2018

Information

The following information was made available by Red Hat concerning this vulnerability: A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

For further information, please refer to the References section.

Solution

At the moment we do not know about specific security issues in our products based on this vulnerability.

Regardless of this, we advise that all Linux servers using a vulnerable version of glibc are patched immediately, as there might be currently unknown situations or other vulnerable services active that may compromise the systems integrity.

Following an update of glibc there may be a change in the locale settings leading to a different localisation appearance for some Fabasoft products (eg. timestamps, currency display).
If you experience problems, such as an incorrect date format, please rerun the setup of the Fabasoft product to correct the system settings. For further information, please refer to the Applies to section.

Reruninng the Setup is required for versions earlier than

  • Fabasoft eGov-Suite 2013
  • Fabasoft Folio 2012 Spring Release

References

Applies to

  • Fabasoft Folio
  • Fabasoft eGov-Suite
  • Fabasoft Mindbreeze

Further questions?