CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Fuel for OpenStack | | | |
6.0.x | Fix Released | High | Denis Meltsaykin |
6.1.x | Fix Released | High | Denis Meltsaykin |
7.0.x | Fix Released | High | Denis Meltsaykin |
Mirantis OpenStack | Fix Released | High | MOS Maintenance |
8.0.x | Fix Released | High | MOS Maintenance |
9.x | Invalid | High | MOS Linux |
Bug Description
All versions of glibc after 2.9 are vulnerable
https:/
For example, in MOS 6.0 we have:
[root@nailgun ~]# yum list |grep glibc
glibc.x86_64 2.12-1.132.el6_5.2 @anaconda-
glibc-common.x86_64 2.12-1.132.el6_5.2 @anaconda-
glibc-devel.x86_64 2.12-1.132.el6_5.2 nailgun
glibc-headers.
From one of the nodes:
Warning: Permanently added 'node-1' (RSA) to the list of known hosts.
ii libc-bin 2.15-0ubuntu10.7 Embedded GNU C Library: Binaries
ii libc-dev-bin 2.15-0ubuntu10.7 Embedded GNU C Library: Development binaries
ii libc6 2.15-0ubuntu10.7 Embedded GNU C Library: Shared libraries
ii libc6-dev 2.15-0ubuntu10.7 Embedded GNU C Library: Development Libraries and Header Files
CVE References
tags: added: customer-found support
Changed in fuel:
importance: Undecided → Critical
Changed in fuel:
assignee: nobody → MOS Maintenance (mos-maintenance)
information type: Public → Public Security
Changed in fuel:
status: New → Confirmed
tags: added: area-mos
Changed in fuel:
importance: Critical → High
affects: fuel → mos
information type: Private Security → Public Security
According to CVSS this is of score 8.3. https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Changing importance to 'High'