FRIDAY SPOTLIGHT: CVE-2015-7547 - Ksplice solves glibc flaw with zero-downtime and no disruptions
By Michele Casey on Feb 19, 2016
This week we have seen a new vulnerability making the rounds involving glibc. The issue involves a couple of libraries (libresolv and libnss_dns) that are commonly used for tasks like DNS lookups. A call to getaddrinfo() could cause a stack buffer overflow when handling larger replies, which an attacker could in turn exploit through attacker-controlled domain names, attacker-controlled DNS servers or man-in-the-middle attacks.
The glibc upstream project released a patch for this issue, and most distributions (including Oracle Linux) have released updated glibc packages containing the fix. Because glibc is a core system library used by almost every application on a system, updates to the package typically require restarting applications, and best practice would suggest a system reboot.
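After a conventional package update, a process that has not been restarted still maps the replaced library file, which Linux marks as "(deleted)" in /proc/<pid>/maps. The following check for that condition is an added example, not code from the original post or from Oracle; the sample maps content, library versions and function names are constructed for illustration.

```python
import re
from pathlib import Path

# libc plus the two libraries named above; versioned or soname-style file names.
GLIBC_LIB = re.compile(r"/(libc|libresolv|libnss_dns)(-[0-9.]+)?\.so(\.[0-9]+)*$")
DELETED = " (deleted)"

# Constructed sample of /proc/<pid>/maps taken after a glibc update (not real data).
SAMPLE_MAPS = """\
00400000-004f4000 r-xp 00000000 fd:00 393449 /usr/sbin/sshd
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a1e7c2000-7f3a1e978000 r-xp 00000000 fd:00 262161 /usr/lib64/libc-2.17.so (deleted)
7f3a1eb82000-7f3a1eb98000 r-xp 00000000 fd:00 262187 /usr/lib64/libresolv-2.17.so (deleted)
7f3a1ed9c000-7f3a1eda1000 r-xp 00000000 fd:00 262175 /usr/lib64/libnss_dns-2.17.so (deleted)
7f3a1f1b0000-7f3a1f36a000 r-xp 00000000 fd:00 262200 /usr/lib64/libcrypto.so.1.0.1e
"""

def stale_glibc_mappings(maps_text):
    """Return glibc library paths that are mapped but no longer present on disk."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.rstrip().split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: no pathname column
        path = fields[5]
        if not path.endswith(DELETED):
            continue  # file on disk is still the one that is mapped
        path = path[: -len(DELETED)]
        if GLIBC_LIB.search(path):
            stale.add(path)
    return stale

def scan_proc(proc_root="/proc"):
    """Map pid -> sorted stale glibc libraries for every readable process."""
    findings = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            text = (entry / "maps").read_text(errors="replace")
        except OSError:
            continue  # process exited or we lack permission to read it
        stale = stale_glibc_mappings(text)
        if stale:
            findings[int(entry.name)] = sorted(stale)
    return findings

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(libs))
```

Run it as root so that every process's maps file is readable; any PID it lists has to be restarted before it picks up the updated library files.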
Oracle Linux customers with premier support have the advantage of our Ksplice services, which make it possible to install both kernel and user space updates without the need to restart applications or reboot the system. If you would like more information about Ksplice and Oracle Linux, please visit our website.