it.ucsf.edu

Security Update:CRITICAL GNU glibc Vulnerability

Status Type

Security Update

Date and Time

Thursday, February 18, 2016 - 15:00

Reason

Security Update

Impact

glibc 2.9 and earlier

 

WHAT HAPPENED?
A popular open-source C library (GNU glibc) used by thousands of Unix-like machines and software contains a CRITICAL vulnerability.

Advanced Users: For a complete description of the vulnerability, affected software, and solutions refer to CVE-2015-7547 --- Glibc Getaddrinfo() Stack-based Buffer Overflow: https://www.sourceware.org/ml/libc-alpha/2016-02/msg00416.html.


AFFECTED SYSTEMS:
Applications, distributions and devices running glibc 2.9 and earlier


WHAT'S THE PROBLEM?
Glibc, or GNU C Library, is a version of the main C-Library (libc) that Unix systems rely on to run. It contains a set of all the standard features and functions required by Unix systems.

Exploitation of the vulnerability may allow an attacker to take control of your computer or result in a denial of service (DoS) condition.


HOW DO I PROTECT MY COMPUTER?
Apply system updates to affected systems as soon as patches become available and as soon as operationally feasible.


RELATED LINKS