Our Security team has been made aware of a glibc security vulnerability that was announced earlier this month. Refer to https://access.redha...e/cve-2015-7547 for more details on this vulnerability.
Details on glibc can be found here: https://en.wikipedia...i/GNU_C_Library
This vulnerability could allow a remote user to execute code as a privileged user and hence has been highlighted as Critical by Red Hat Product Security.
Affected Products :-
All versions of the glibc package were affected by this flaw.
This is a serious vulnerability and patching your servers is highly recommended. We have already updated the glibc packages on all the containers. However, you can check whether your server is vulnerable by running the following command :-
rpm -q --changelog glibc | grep CVE-2015-7547
If the output of this command shows the following result then the server is already patched.
- Update fix for CVE-2015-7547 (#1296028).
- Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028).
If the command produces no output, you need to patch the server yourself using the following steps :-
Step 1 : You need to update the glibc package on the server.
For a CentOS server, you can do this by running the command: yum -y upgrade glibc
For an Ubuntu server, you can do this by running the command: apt-get install --only-upgrade libc6 -y
Step 2 : Reboot the server.
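The check and the two steps above can be verified with the following script, an added example that is not part of the original announcement. It confirms that the package changelog names the fix and lists processes that still have the pre-upgrade libc mapped in memory, which is why a reboot (or a restart of those services) is needed after the upgrade. The file name glibc-check.sh, the Debian/Ubuntu changelog path and the assumption that the Debian/Ubuntu changelog names the CVE are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the provider's tooling. Confirms the CVE-2015-7547 fix is
# installed and lists processes still running the old libc after the upgrade.
CVE="CVE-2015-7547"

# Reads changelog text on stdin; succeeds if it mentions the fix.
changelog_has_fix() {
    grep -q -- "$CVE"
}

# Prints the installed package changelog. Assumption: on Debian/Ubuntu the
# libc6 changelog is at the path below.
glibc_changelog() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog glibc
    elif [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then
        gzip -dc /usr/share/doc/libc6/changelog.Debian.gz
    fi
}

# Reads one /proc/<pid>/maps on stdin; succeeds if the process still maps a
# libc file that has been replaced on disk (the kernel marks it "(deleted)").
maps_use_old_libc() {
    grep -Eq '/libc(-[0-9.]+)?\.so[^/ ]* \(deleted\)$'
}

# Prints "PID name" for every process that still needs a restart.
stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_use_old_libc < "$maps"; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Report only when invoked as: sh glibc-check.sh report (hypothetical name)
if [ "${1:-}" = "report" ]; then
    if glibc_changelog 2>/dev/null | changelog_has_fix; then
        echo "package: $CVE fix present in changelog"
    else
        echo "package: $CVE fix not found, upgrade glibc/libc6"
    fi
    echo "processes still using the pre-upgrade libc:"
    stale_processes
fi
```

Run it as root so that the maps files of all processes are readable; an empty process list after the reboot means nothing is still running the old library.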
We have already applied these patches on our VPS hardware nodes. However, we need to reboot the hardware nodes for the changes to take effect. The schedule for the reboot is as follows :-
Maintenance window :
Batch 1 :
Date : Thursday 25th Feb 2016
Hardware nodes : vps-in-1 to vps-in-21
Time : 19.00 IST
Batch 2 :
Date : Friday 26th Feb 2016
Hardware nodes : vps-1 to vps-26
Time : 19.00 IST
Expected downtime : 3 hours.
Although the expected downtime is stated as 3 hours, the VPS containers will be down only for a few minutes during the reboot.
Affected Services : All VPS containers hosted on the above mentioned hardware nodes.
We apologize for the inconvenience caused. Please feel free to contact our support team in case you have any queries.