Background Information

There was a recent discovery of the CVE-2015-7547 Vulnerability. The information below will assist you in taking the proper steps toward mitigating the security risk.

Impact Mitigation

Options for Mitigating the CVE-2015-7547 Vulnerability.

  1. If you are an AWS Customer and your are using their DNS infrastructure, you are not affected by this security risk. See the AWS customer advisory here.
  2. If you are not using AWS' DNS Infrastructure and are using a different Cloud Provider, then you may do the following.

    • As a RightScale Customer, you can now patch your Servers by running yum update or apt-get update as the patch package is now available in our mirror. A restart is required for this update. Package Name: glibc-2.12-1.166.el6_7.7.i686.rpm
    • You may also follow Google's recommendation shown below if you are not able to immediately patch your Servers.

      Google has found some mitigations that may help prevent exploitation if you are not able to immediately patch your instance of glibc. The vulnerability relies on an oversized (2048+ bytes) UDP or TCP response, which is followed by another response that will overwrite the stack. Our suggested mitigation is to limit the response (i.e., via DNSMasq or similar programs) sizes accepted by the DNS resolver locally as well as to ensure that DNS queries are sent only to DNS servers which limit the response size for UDP responses with the truncation bit set.