CVE-2015-7547 "glibc getaddrinfo() stack-based buffer overflow"
Feb 17, 2016 9:00am CDT: First version
We are aware of the announced vulnerability CVE-2015-7547. We are investigating the issue and will update this security bulletin with more detail as necessary.
Our assessment is that the severity of this vulnerability is critical and mitigation actions should be taken immediately.
Recommended actions for Globus users and administrators
Most Linux software that performs DNS lookups via glibc, including Globus software components (GridFTP, MyProxy, GSI-OpenSSH), is likely to be vulnerable. We recommend that the glibc update be applied immediately on any affected Linux host to remediate this vulnerability. No updates to Globus software components are necessary.
Actions we are taking to close the attack vector
While we believe the systems hosting the Globus.org services are safe because Globus uses DNS servers that reject the invalid or malicious responses necessary for exploitation, glibc updates will be applied as they become available.