cPanel Security Team: glibc CVE-2015-7547
CVE-2015-7547 is a critical vulnerability in glibc affecting any versions greater than 2.9. The client-side DNS resolver function getaddrinfo() in the glibc library is vulnerable to a stack-based buffer overflow. This can be exploited in a variety of scenarios, including man-in-the-middle attacks, maliciously crafted domain names, and malicious DNS servers.
What does this mean for cPanel servers?
The glibc library is provided by your operating system vendor, which is one of Red Hat, CentOS, or CloudLinux. All supported distros have published patched versions of glibc to their mirrors to address CVE-2015-7547.
To update any affected servers, do the following:
1. Log into your server via SSH with root privileges
2. Run “yum clean all” to clear YUM’s local caches
3. Run “yum update” to install the patched version of glibc
4. After glibc is updated you should reboot the system to ensure all daemons load the newer version of the library.
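Step 4 exists because a daemon that was already running keeps the old copy of libc.so.6 mapped in memory after yum has replaced the file on disk; the kernel marks such mappings "(deleted)" in /proc/<pid>/maps. The following script, an added illustration rather than cPanel's own tooling, lists the processes on a Linux host that still hold a replaced glibc, which is the set of daemons a reboot (or an individual restart) is needed for. The sample maps text is constructed for the offline demonstration; the live scan assumes a readable /proc.

```python
"""List processes that still map a glibc which has been replaced on disk.

Added example (not cPanel's code). After `yum update` swaps libc.so.6,
running daemons keep the old inode mapped until restarted; /proc/<pid>/maps
shows those mappings with a trailing "(deleted)".
"""
import os
import re

# One maps line: address range, perms, offset, dev, inode, pathname [(deleted)]
_MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+\S+\s+\S+\s+\S+\s+\d+\s+"
    r"(?P<path>/\S+)(?P<deleted>\s+\(deleted\))?\s*$"
)

# Constructed sample: a process started before the update on an EL6 box.
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c1b6000 r-xp 00000000 fd:01 131 /lib64/libc-2.12.so (deleted)
7f3a1c3c0000-7f3a1c3e0000 r-xp 00000000 fd:01 140 /lib64/ld-2.12.so (deleted)
7f3a1c400000-7f3a1c410000 r-xp 00000000 fd:01 150 /lib64/libresolv-2.12.so
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0 [stack]
"""


def stale_libc_paths(maps_text):
    """Return the set of libc paths in one maps text that are marked deleted."""
    stale = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if not m or not m.group("deleted"):
            continue
        name = os.path.basename(m.group("path"))
        # getaddrinfo() lives in libc proper, so that is the object we key on.
        if name.startswith("libc-") or name.startswith("libc.so"):
            stale.add(m.group("path"))
    return stale


def processes_needing_restart(proc_root="/proc"):
    """Scan every readable /proc/<pid>/maps; return {pid: comm} holding a stale libc."""
    result = {}
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, pid, "maps")) as f:
                maps_text = f.read()
            with open(os.path.join(proc_root, pid, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited, or not readable by this user
        if stale_libc_paths(maps_text):
            result[int(pid)] = comm
    return result


if __name__ == "__main__":
    print("sample:", sorted(stale_libc_paths(SAMPLE_MAPS)))
    if os.path.isdir("/proc"):
        for pid, comm in sorted(processes_needing_restart().items()):
            print(f"{pid}\t{comm}")
```

Run it as root after the update; an empty listing means every process is already on the new library, while a long one is the reason the advisory asks for a reboot rather than a handful of service restarts.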
You can confirm that the update was applied by running the command “rpm -q glibc”. The package information displayed should match the version numbers provided by Red Hat at https://access.redhat.com/articles/2161461
Red Hat Enterprise Linux 7 – glibc-2.17-106.el7_2.4
Red Hat Enterprise Linux 6 – glibc-2.12-1.166.el6_7.7
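Reading the `rpm -q glibc` output by eye works for one server, but an administrator checking a fleet wants the comparison done mechanically. The script below is an added example, not part of the advisory or of cPanel's tooling: it parses the package name printed by `rpm -q glibc` (including the architecture suffix rpm appends, and the multilib case where both x86_64 and i686 builds are listed), then orders version and release the way rpm does (alternating numeric and alphabetic segments, with a numeric segment sorting after an alphabetic one) against the fixed builds quoted above. The sample outputs are constructed; the `~` and `^` ordering rules of modern rpm are deliberately omitted because no EL6/EL7 glibc build uses them.

```python
"""Decide whether `rpm -q glibc` output is at or beyond the CVE-2015-7547 fix.

Added example (not cPanel's code). FIXED holds the builds named in the
advisory; rpmvercmp() is a simplified port of rpm's version ordering.
"""
import re

# Fixed builds quoted in the advisory (Red Hat article 2161461).
FIXED = {
    "el7": ("2.17", "106.el7_2.4"),
    "el6": ("2.12", "1.166.el6_7.7"),
}

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")
_ARCH = re.compile(r"\.(x86_64|i[3-6]86|noarch)$")
_DIST = re.compile(r"\.(el[0-9]+)")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing a to b with rpm's segment rules (no ~ or ^)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:
            return 1 if xd else -1  # a numeric segment is newer than an alpha one
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvr(line):
    """Split 'glibc-2.17-106.el7_2.4.x86_64' into (name, version, release)."""
    line = _ARCH.sub("", line.strip())
    name, version, release = line.rsplit("-", 2)
    return name, version, release


def is_patched(line):
    """True if one `rpm -q glibc` line names a build >= the fixed build for its distro."""
    name, version, release = parse_nvr(line)
    if name != "glibc":
        raise ValueError("not a glibc package: " + line)
    m = _DIST.search(release)
    if not m or m.group(1) not in FIXED:
        raise ValueError("unknown distro tag in release: " + release)
    fixed_version, fixed_release = FIXED[m.group(1)]
    c = rpmvercmp(version, fixed_version)
    if c == 0:
        c = rpmvercmp(release, fixed_release)
    return c >= 0


def all_patched(rpm_q_output):
    """Multilib hosts print one line per architecture; every one must be fixed."""
    lines = [l for l in rpm_q_output.splitlines() if l.strip()]
    return bool(lines) and all(is_patched(l) for l in lines)


if __name__ == "__main__":
    # Constructed outputs: a patched EL7 multilib host and an unpatched EL6 host.
    for sample in ("glibc-2.17-106.el7_2.4.x86_64\nglibc-2.17-106.el7_2.4.i686\n",
                   "glibc-2.12-1.149.el6.x86_64\n"):
        print(sample.split()[0], "->", "patched" if all_patched(sample) else "VULNERABLE")
```

On a real host pipe the live output in, for example `rpm -q glibc | python3 check_glibc.py` with a small `sys.stdin.read()` wrapper, and treat any `VULNERABLE` result or `ValueError` (an unexpected distro tag) as a server that still needs step 3.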
Notifications about security updates for Red Hat, CentOS, and CloudLinux can be found at the following URLs:
Red Hat http://www.redhat.com/mailman/listinfo/rhsa-announce
What steps do I need to take as an Admin/root of our servers running cPanel & WHM?
Once the RPM of glibc has been updated and the system rebooted, you are fully protected.
cPanel also recommends that you configure the system to update both the base operating system and the cPanel & WHM software automatically. These settings are located in WHM’s “Update Preferences” interface.
For the PGP-Signed version of this announcement please see http://news.cpanel.com/wp-content/uploads/2016/02/glibc_notice.txt