It has been another interesting week from a security perspective: most administrators have spent the past few days patching the latest vulnerability, tracked as CVE-2015-7547.
It is a buffer overflow in the getaddrinfo() function, which is part of the GNU C Library (glibc). You can read more about it at the following links:
- CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow [Google Online Security Blog]
- Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547) [Red Hat Customer Portal]
Although this is a bug in one of the core Linux libraries rather than in our software, we feel that a bug of such severity deserves a blog post so that our users are informed of the actions taken by our administrators, as well as any additional recommendations.
ISL Online administrators applied the glibc patches to all the appropriate server machines as soon as they became available in the official repositories, so hosted service (SaaS) users do not need to do anything.
However, if you are a server licence user and your server is running Linux, remind your administrator to consult the appropriate Linux distribution's security announcement, check whether the server is running a vulnerable version of glibc, and act accordingly.
Server licence users should follow security best practices, especially keeping their servers up to date with the latest security patches – this means both the operating system and ISL Conference Proxy.