On CVE-2015-7547 - glibc/getaddrinfo

Michael Tremer michael.tremer at ipfire.org
Wed Feb 17 18:14:54 CET 2016


Hi,

I just wanted to post my view and the next steps for a vulnerability
that was recently discovered in glibc.

  https://googleonlinesecurity.blogspot.nl/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

IPFire does not directly connect to the Internet. All DNS queries go
through a DNS proxy (dnsmasq) first. dnsmasq limits the maximum reply
size to 1280 bytes. To exploit the vulnerability, packets of at least
2048 bytes are required.

So dnsmasq protects IPFire and the systems behind it. This is however
not a reason to not patch the vulnerability. It is still a rather
serious vulnerability that makes *all* software that resolves names
vulnerable.

Arne has already branched a new Core Update which will be available for
testing soon.

Best,
-Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ipfire.org/pipermail/development/attachments/20160217/83002d68/attachment.sig>


More information about the Development mailing list