A critical stack-based buffer overflow was found in the way the libresolv library (part of glibc) performs dual A/AAAA DNS queries. A remote attacker could crash, or potentially execute code in, any program using the library on Linux.
The GNU C Library (glibc) could be made to crash, or to run programs or commands, if it received specially crafted network traffic. The vulnerability was first reported by Google and Red Hat.
What is the GNU C Library vulnerability?
All versions of glibc since 2.9 are affected by this bug. An attack would need to trigger a DNS lookup from a vulnerable system, and a DNS-based remote code execution vulnerability can cause serious problems. A related bug, CVE-2015-5229, causes calloc to return non-zeroed memory. These bugs can also be used to mount a denial-of-service attack. The best option is to patch both Linux-based servers and clients/workstations/laptops against CVE-2015-7547 and CVE-2015-5229. More information can be found at https://googleonlinesecurity.blogspot.mk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
Fix the Glibc Getaddrinfo vulnerability on a Debian or Ubuntu Linux
$ sudo apt-get update
$ sudo apt-get upgrade
Fix the Glibc Getaddrinfo vulnerability on a RHEL/CentOS Linux
$ sudo yum clean all
$ sudo yum update
Once the upgrade is completed, reboot your server for the changes to take effect: processes that were already running keep the old, vulnerable copy of the library mapped in memory until they are restarted.
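Where a full reboot is not immediately possible, the following shell script (an added example, not part of the original page or of any distribution's tooling) lists the processes that still have the old libc mapped after the package upgrade, so they can be restarted individually. It assumes a Linux procfs at /proc, where a mapping whose backing file has been replaced on disk is shown with a "(deleted)" suffix in /proc/PID/maps, and a libc file named libc.so.6 or libc-<version>.so; the sample maps lines at the bottom are constructed for a dry run, not real output.

```shell
#!/bin/sh
# Added example (not from the original page). After installing the patched
# glibc package, long-running daemons keep the old library mapped until they
# restart; the kernel shows such mappings in /proc/PID/maps with a
# "(deleted)" suffix. This lists processes that still need a restart.
# Assumptions: Linux procfs at /proc; libc named libc.so.6 or libc-<ver>.so.

# Exit 0 if the maps file (a path, or "-" for stdin) shows a replaced libc.
# The pattern deliberately does not match other "libc*" names such as libcrypto.
libc_mapping_is_stale() {
    grep -E '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)' "$1" >/dev/null 2>&1
}

# Print "PID command" for every live process mapping a stale libc.
list_stale_libc_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if libc_mapping_is_stale "$maps"; then
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')"
        fi
    done
}

# Constructed sample /proc/PID/maps lines (not real output) for a dry run:
# the first set shows a process still using the replaced libc, the second a
# process that is fine (its libc is current; only libcrypto was replaced).
SAMPLE_STALE_MAPS='7f1a2b000000-7f1a2b1c0000 r-xp 00000000 08:01 131142 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f1a2b3c0000-7f1a2b3c4000 r--p 001c0000 08:01 131142 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)'
SAMPLE_FRESH_MAPS='7f1a2b000000-7f1a2b1c0000 r-xp 00000000 08:01 131150 /lib/x86_64-linux-gnu/libc-2.19.so
7f1a2c000000-7f1a2c010000 r-xp 00000000 08:01 131200 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)'

# Run the live scan only when invoked with --scan, e.g.: sh stale_libc.sh --scan
if [ "${1:-}" = "--scan" ]; then
    list_stale_libc_processes
fi
```

Run it as root with `--scan` after the upgrade; an empty result means no running process is still using the old library. Processes that do show up (for example a DNS-resolving daemon or a web server) should be restarted, or the host rebooted as described above.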