Hi,

I just wanted to post my view and the next steps for a vulnerability that was recently discovered in glibc.

https://googleonlinesecurity.blogspot.nl/2016/02/cve-2015-7547-glibc-getaddr...

IPFire does not directly connect to the Internet. All DNS queries go through a DNS proxy (dnsmasq) first. dnsmasq limits the maximum reply size to 1280 bytes. To exploit the vulnerability, packets of at least 2048 bytes are required.

So dnsmasq protects IPFire and the systems behind it. This is however not a reason to not patch the vulnerability. It is still a rather serious vulnerability that makes *all* software that resolves names vulnerable.

Arne has already branched a new Core Update which will be available for testing soon.

Best, -Michael