This release note documents the security fixes for:
- glibc (CVE ID: CVE-2015-7547)
This vulnerability affects all versions of Cumulus Linux on all platforms (ARM, PowerPC and x86) as well as Cumulus RMP.
The patch can only be applied to switches running Cumulus Linux 2.5.0 and later. Switches running Cumulus Linux versions 1.5.0 through 2.2.2 inclusive must be upgraded to Cumulus Linux 2.5.0 at the very least; however, Cumulus Networks strongly recommends upgrading to the latest version of Cumulus Linux or Cumulus RMP, 2.5.6, before applying the patch.
To apply the patch, follow these steps:
- Reboot the switch.
New packages in
/security_update include the following (note,
<platform> is one of amd64, armel, or powerpc, depending upon whether the switch is x86, ARM or PowerPC, respectively):
libc6_2.13-38+deb7u10_<platform>.deb libc6-dev_2.13-38+deb7u10_<platform>.deb libc-bin_2.13-38+deb7u10_<platform>.deb libc-dev-bin_2.13-38+deb7u10_<platform>.deb locales_2.13-38+deb7u10_all.deb multiarch-support_2.13-38+deb7u10_<platform>.deb
For details on the Cumulus Networks policy regarding security vulnerabilities, see this article.