Security Updates -
CVE-2015-7547 is a critical vulnerability in glibc affecting any versions greater than 2.9. The DNS client side resolver function getaddrinfo() used in the glibc library is vulnerable to a stack-based buffer overflow attack. This can be exploited in a variety of scenarios, including man-in-the-middle attacks, maliciously crafted domain names, and malicious DNS servers.
What does this mean for cPanel servers?
The glibc library is provided by your operating system vendor, which is one of Red Hat, CentOS, or Cloud Linux. All supported distros have published patched versions of glibc to their mirrors to address CVE-2015-7547.
To update any affected servers, do the following:
1. Log into your server via SSH with root privileges 2. Run "yum clean all" to clear YUM's local caches 3. Run "yum update" to install the patched version of glibc 4. After glibc is updated you should reboot the system to ensure all daemons load the newer version of the library.
You can ensure you are updated by running the command "rpm -q glibc". The package information displayed should match the version numbers provided by Red Hat at https://access.redhat.com/articles/2161461
Red Hat Enterprise Linux 7 - glibc-2.17-106.el7_2.4 Red Hat Enterprise Linux 6 - glibc-2.12-1.166.el6_7.7
Notifications about security updates for Red Hat, CentOS, and CloudLinux can be found at the following URLs:
Red Hat http://www.redhat.com/mailman/listinfo/rhsa-announce
Most useful articles
- 10. Addon Domain40%