cPanel Security Team: glibc CVE-2015-7547

CVE-2015-7547 is a critical vulnerability in glibc affecting all versions greater than 2.9. The client-side DNS resolver function getaddrinfo() in the glibc library is vulnerable to a stack-based buffer overflow attack. This can be exploited in a variety of scenarios, including man-in-the-middle attacks, maliciously crafted domain names, and malicious DNS servers.

What does this mean for cPanel servers?

The glibc library is provided by your operating system vendor, which is one of Red Hat, CentOS, or CloudLinux. All supported distros have published patched versions of glibc to their mirrors to address CVE-2015-7547.

To update any affected servers, do the following:

1. Log in to your server via SSH with root privileges.
2. Run "yum clean all" to clear YUM's local caches.
3. Run "yum update" to install the patched version of glibc.
4. After glibc is updated, reboot the system to ensure all daemons load the newer version of the library.

You can confirm that you are updated by running the command "rpm -q glibc". The package information displayed should match the version numbers provided by Red Hat at https://access.redhat.com/articles/2161461

Red Hat Enterprise Linux 7 - glibc-2.17-106.el7_2.4
Red Hat Enterprise Linux 6 - glibc-2.12-1.166.el6_7.7

Notifications about security updates for Red Hat, CentOS, and CloudLinux can be found at the following URLs:

Red Hat     http://www.redhat.com/mailman/listinfo/rhsa-announce
CentOS      http://lists.centos.org/mailman/listinfo/centos-announce
CloudLinux  http://cloudlinux.com/blog/

What steps do I need to take as an Admin/root of our servers running cPanel & WHM?

Once the RPM of glibc has been updated and the system rebooted, you are fully protected. cPanel also recommends that you configure the system to automatically update both the base operating system and the cPanel & WHM software. These settings are located in WHM's "Update Preferences" interface.
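
A script for the verification and reboot steps above, added here as an example and not part of cPanel's advisory: check_glibc compares "rpm -q glibc" output with the two fixed builds the advisory lists, and stale_libc_pids lists processes that still map the replaced libc and so still need the restart from step 4. The function names and the use of GNU "sort -V" as a stand-in for RPM's own version comparison are assumptions.

```bash
#!/usr/bin/env bash
# Fixed builds quoted in the advisory, selected by the package's dist tag.
fixed_build_for() {
  case "$1" in
    *.el7*) echo "2.17-106.el7_2.4" ;;
    *.el6*) echo "2.12-1.166.el6_7.7" ;;
    *) return 1 ;;
  esac
}

# True when $1 sorts at or after $2. Assumption: GNU "sort -V" stands in
# for RPM's own version comparison, which it approximates.
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Classify each line of "rpm -q glibc" output given as $1.
# Returns 1 unless every listed package is PATCHED.
check_glibc() {
  local line evr fixed rc=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    evr=${line#glibc-}                      # drop the package name
    evr=${evr%.x86_64}; evr=${evr%.i686}    # drop the architecture
    if ! fixed=$(fixed_build_for "$evr"); then
      echo "UNKNOWN $line"; rc=1
    elif ver_ge "$evr" "$fixed"; then
      echo "PATCHED $line"
    else
      echo "VULNERABLE $line (need >= $fixed)"; rc=1
    fi
  done <<EOF
$1
EOF
  return $rc
}

# Print PIDs that still map a replaced (deleted) libc, i.e. what the reboot
# in step 4 clears. $1 is the proc root, /proc unless overridden.
stale_libc_pids() {
  local root=${1:-/proc} maps pid
  for maps in "$root"/[0-9]*/maps; do
    [ -r "$maps" ] || continue
    grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null || continue
    pid=${maps%/maps}; echo "${pid##*/}"
  done
}

# On an RPM-based host, report on the live system.
if command -v rpm >/dev/null 2>&1; then check_glibc "$(rpm -q glibc)" || true; stale_libc_pids; fi
```

Run it as root so that every process's maps file is readable; any PID it prints after the update belongs to a daemon still running on the old library.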