* On CVE-2015-7547 - glibc/getaddrinfo
@ 2016-02-17 17:14 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2016-02-17 17:14 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 785 bytes --]
Hi,
I just wanted to post my view and the next steps for a vulnerability
that was recently discovered in glibc.
https://googleonlinesecurity.blogspot.nl/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
IPFire does not directly connect to the Internet. All DNS queries go
through a DNS proxy (dnsmasq) first. dnsmasq limits the maximum reply
size to 1280 bytes. To exploit the vulnerability, packets of at least
2048 bytes are required.
So dnsmasq protects IPFire and the systems behind it. This is however
not a reason to not patch the vulnerability. It is still a rather
serious vulnerability that makes *all* software that resolves names
vulnerable.
Arne has already branched a new Core Update which will be available for
testing soon.
Best,
-Michael
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-02-17 17:14 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-02-17 17:14 On CVE-2015-7547 - glibc/getaddrinfo Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox