This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

Security Update for CVE-2015-7547: glibc getaddrinfo Stack-based Buffer Overflow Vulnerability

Follow

This release note documents the security fixes for:

This vulnerability affects all versions of Cumulus Linux on all platforms (ARM, PowerPC and x86) as well as Cumulus RMP.

The patch can only be applied to switches running Cumulus Linux 2.5.0 and later. Switches running Cumulus Linux versions 1.5.0 through 2.2.2 inclusive must be upgraded to Cumulus Linux 2.5.0 at the very least; however, Cumulus Networks strongly recommends upgrading to the latest version of Cumulus Linux or Cumulus RMP, 2.5.6, before applying the patch.

To apply the patch, follow these steps:

  1. Run apt-get update.
  2. Run apt-get dist-upgrade
  3. Reboot the switch.

New packages in /security_update include the following (note, <platform> is one of amd64, armel, or powerpc, depending upon whether the switch is x86, ARM or PowerPC, respectively):

libc6_2.13-38+deb7u10_<platform>.deb
libc6-dev_2.13-38+deb7u10_<platform>.deb
libc-bin_2.13-38+deb7u10_<platform>.deb
libc-dev-bin_2.13-38+deb7u10_<platform>.deb
locales_2.13-38+deb7u10_all.deb
multiarch-support_2.13-38+deb7u10_<platform>.deb

For details on the Cumulus Networks policy regarding security vulnerabilities, see this article.

Comments

This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk