CVE-2015-7547 Linux glibc bug / vulnerability

February 17, 2016 — 1 Comment

On Feb 16th, Google and Red Hat announced a critical stack-based buffer overflow in glibc's DNS client-side resolver (getaddrinfo(), CVE-2015-7547). A crafted DNS reply, whether from a malicious server or a man-in-the-middle, can trigger it in any program that resolves hostnames, so it is reachable remotely. Here's how to patch it on Red Hat (RHEL), CentOS, etc.

This issue does not affect the version of glibc shipped with RHEL/CentOS 5 or earlier (the bug was introduced in glibc 2.9). It does affect the versions shipped with RHEL/CentOS 6 (glibc 2.12) and 7 (glibc 2.17).

Patched versions of glibc
Patched versions of glibc for RHEL/CentOS 6 and 7 are listed below; any later build of the package also contains the fix:
RH/Cent6: glibc-2.12-1.166.el6_7.7.x86_64
RH/Cent7: glibc-2.17-106.el7_2.4.x86_64

How to patch
First, run a yum update for the glibc package

Verify that the glibc update actually patched this vulnerability. This command greps glibc's RPM changelog for the CVE number, which is more reliable than comparing version strings by eye:

If your glibc didn’t update
If nothing was updated, your yum metadata cache may still point at repository data that predates the errata. Clean the cache by running the following:

(then try running the yum update again)

Either restart applications using old glibc or reboot
Next, either restart the applications that are using the old glibc libraries or simply reboot the server. Updating the package only replaces the files on disk: every process that was already running keeps the old, now-unlinked libc mapped in memory and stays vulnerable until it is restarted. If you cannot reboot the server now, you can use lsof to find the processes still mapping the old library (it shows up as "(deleted)") and restart them.

(We recommend rebooting the server, however: almost every networked process calls getaddrinfo(), so it is easy to miss one.)
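The whole procedure (update, verify via the changelog, clean the cache and retry, then find processes still mapping the old libc) as one script. This is an added example, not code from the original post or from Red Hat; it assumes a RHEL/CentOS 6 or 7 host with yum, rpm, lsof and ps available, and the function names, variable names and sample data are my own. Without `--apply` it only exercises the parsing helpers on constructed sample output.

```sh
#!/bin/sh
# Added example (not from the original post): walk the patch/verify/restart
# procedure for CVE-2015-7547 on RHEL/CentOS 6 or 7. Function and variable
# names are hypothetical; yum, rpm, lsof and ps are assumed to be installed.

CVE="CVE-2015-7547"
FIXED_EL6="glibc-2.12-1.166.el6_7.7"   # errata builds quoted above
FIXED_EL7="glibc-2.17-106.el7_2.4"

# Print "yes" if the given rpm changelog text names the CVE, else "no".
# The changelog, not the version string, is the authoritative check.
changelog_mentions_cve() {
    if printf '%s\n' "$1" | grep -q "$CVE"; then
        echo yes
    else
        echo no
    fi
}

# Given `lsof -n` output, print the unique PIDs that still map a libc whose
# on-disk file was replaced by the update. lsof reports such mappings with
# "(deleted)" after the path, and newer versions also emit a "DEL" FD row.
stale_libc_pids() {
    printf '%s\n' "$1" \
      | awk '/libc-[0-9.]+\.so/ && (/\(deleted\)/ || $4 == "DEL") { print $2 }' \
      | sort -u
}

# The real procedure: update, verify, retry after a cache clean, then report
# the processes that still need a restart (or a reboot).
patch_glibc() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root" >&2
        return 1
    fi
    yum -y update glibc
    if [ "$(changelog_mentions_cve "$(rpm -q --changelog glibc)")" != "yes" ]; then
        # stale metadata: drop the cache and try again
        yum clean all
        yum -y update glibc
    fi
    if [ "$(changelog_mentions_cve "$(rpm -q --changelog glibc)")" != "yes" ]; then
        echo "glibc changelog still has no $CVE fix; check your repositories" >&2
        echo "expected at least $FIXED_EL6 (el6) or $FIXED_EL7 (el7)" >&2
        return 1
    fi
    echo "installed: $(rpm -q glibc | tr '\n' ' ')"
    stale=$(stale_libc_pids "$(lsof -n 2>/dev/null)")
    if [ -n "$stale" ]; then
        echo "processes still mapping the old libc (restart them, or reboot):"
        for pid in $stale; do
            printf '  %s %s\n' "$pid" "$(ps -o comm= -p "$pid")"
        done
    else
        echo "no process maps the old libc; a reboot is still the safest option"
    fi
}

# Constructed sample data for a dry run (not captured from a real host).
SAMPLE_CHANGELOG='* Tue Feb 16 2016 Example Packager <packager@example.com> - 2.17-106.el7_2.4
- Fix getaddrinfo stack-based buffer overflow (CVE-2015-7547)'

SAMPLE_LSOF='COMMAND   PID USER  FD   TYPE DEVICE SIZE/OFF   NODE NAME
httpd    1234 root  mem  REG  253,0  2107816 131092 /lib64/libc-2.17.so (deleted)
httpd    1234 root  DEL  REG  253,0          131092 /lib64/libc-2.17.so
sshd      987 root  mem  REG  253,0  2107816 131092 /lib64/libc-2.17.so (deleted)
crond     555 root  mem  REG  253,0  2107816 131099 /lib64/libc-2.17.so'

if [ "${1-}" = "--apply" ]; then
    patch_glibc
else
    echo "dry run on constructed data (pass --apply on a real host to patch):"
    echo "changelog names $CVE: $(changelog_mentions_cve "$SAMPLE_CHANGELOG")"
    echo "PIDs still mapping the old libc: $(stale_libc_pids "$SAMPLE_LSOF" | tr '\n' ' ')"
fi
```

In the constructed lsof sample, crond already maps the new inode (131099, no "(deleted)" marker), so only httpd and sshd are reported; on a real host the list is usually long, which is why the post recommends a reboot. Note that `lsof -n` over every process can take a while on a busy server.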

More info
Red Hat:

Trackbacks and Pingbacks:

  1. CVE-2015-7547 – glibc stack-based buffer overflow | Linux Threats - February 18, 2016

    […] You can read up on how to patch it on […]