CVE-2015-7547: getaddrinfo() stack-based buffer overflow

John W. Blue at
Wed Feb 17 16:46:12 UTC 2016

I agree with Reindl, but (at the risk of this sounding bad) it also underscores why it is important to proactive in management of risk and change.

If you don't know what you don't know that is very risky behavior.  If there is a collective freak out on what to do to get something fixed regardless of the pain and suffering, well .. that is poor change management.  The good news is that both of those over-arching issues are addressable.


-----Original Message-----
From: bind-users-bounces at [mailto:bind-users-bounces at] On Behalf Of Reindl Harald
Sent: Wednesday, February 17, 2016 10:34 AM
To: bind-users at
Subject: Re: CVE-2015-7547: getaddrinfo() stack-based buffer overflow

Am 17.02.2016 um 17:22 schrieb Dominique Jullier:
> Are they any thoughts around, how to handle yesterday's glibc 
> vulnerability[1][2] from the side bind?
> Since it is a rather painful task in order to update all hosts to a 
> new version of glibc, we were thinking about other possible 
> workarounds

Fedora, RHEL and Debian as well as likely all other relevant distributions are providing a patched glibc - dunno what is "rather painful" to apply a ordinary update like kernel security updates and restart all network relevant processes or reboot

More information about the bind-users mailing list