Today a co-worker informed me about vulnerability CVE-2015-7547. Description on the CVE website:
> Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
At this point, we have 1 version 8.2 gateway and we recently updated the test gateway to 9.0 with the latest security patches on it.
Does anyone know if this will affect both versions and mean that patches are needed?