public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: On CVE-2015-7547 - glibc/getaddrinfo
Date: Wed, 17 Feb 2016 09:14:54 -0800	[thread overview]
Message-ID: <1455729294.4073.7.camel@ipfire.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 785 bytes --]

Hi,

I just wanted to post my view and the next steps for a vulnerability
that was recently discovered in glibc.

  https://googleonlinesecurity.blogspot.nl/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

IPFire does not directly connect to the Internet. All DNS queries go
through a DNS proxy (dnsmasq) first. dnsmasq limits the maximum reply
size to 1280 bytes. To exploit the vulnerability, packets of at least
2048 bytes are required.

So dnsmasq protects IPFire and the systems behind it. This is however
not a reason to not patch the vulnerability. It is still a rather
serious vulnerability that makes *all* software that resolves names
vulnerable.

Arne has already branched a new Core Update which will be available for
testing soon.

Best,
-Michael

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

                 reply	other threads:[~2016-02-17 17:14 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1455729294.4073.7.camel@ipfire.org \
    --to=michael.tremer@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox