VU#457759 Vulnerability - Security Advisory TWA SEC 3653

TCPWave Security
Date: February 18, 2016
Product

TCPWave DNS Appliance

Problem

Google has announced ”glibc getaddrinfo()” vulnerability in glibc. All the glibc versons since 2.9 are affected due to this vulnerability. For more information please visit: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow.

Workaround

None

Solution

The TCPWave DNS Appliances and TCPWave Sharkcage Appliances do not use a vulnerable version of glibc in the current production releases. A newer version that is scheduled for a summer release has been found vulnerable and has been patched. When the customers upgrade the existing appliances to a newer version, they will not be impacted by this vulnerability.

TCPWave Security