cPanel Security Team: glibc CVE-2015-7547

CVE-2015-7547 may be a crucial vulnerability in glibc affecting any versions larger than 2.9. The DNS client side resolver function getaddrinfo() employed in the glibc library is susceptible to a stack-based buffer overflow attack. this may be exploited during a type of eventualities, as well as man-in-the-middle attacks, maliciously crafted domain names, and malicious DNS servers.

What does this mean for cPanel servers?

The glibc library is provided by your operating system vendor, which is one of Red Hat, CentOS, or Cloud Linux. All supported distros have published patched versions of glibc to their mirrors to address CVE-2015-7547.

To update any affected servers, do the following:

1. Log into your server via SSH with root privileges
2. Run “yum clean all” to clear YUM’s local caches
3. Run “yum update” to install the patched version of glibc
4. After glibc is updated you should reboot the system to ensure all daemons load the newer version of the library.

You can ensure you are updated by running the command “rpm -q glibc”. The package information displayed should match the version numbers provided by Red Hat at https://access.redhat.com/articles/2161461

Red Hat Enterprise Linux 7 – glibc-2.17-106.el7_2.4
Red Hat Enterprise Linux 6 – glibc-2.12-1.166.el6_7.7

Notifications about security updates for Red Hat, CentOS, and CloudLinux can be found at the following URLs:

Red Hat http://www.redhat.com/mailman/listinfo/rhsa-announce
CentOS http://lists.centos.org/mailman/listinfo/centos-announce
CloudLinux http://cloudlinux.com/blog/

What steps do I need to take as an Admin/root of our servers running cPanel & WHM?

Once the RPM of glibc has been updated and the system rebooted, you are fully protected.

cPanel also recommends that you configure the system to automatically update both the base operating system and the cPanel & WHM software automatically. These settings are located in WHM’s “Update Preferences” interface.

 

Source : cPanel Inc.