Skip navigation.

Wim Coekaerts

Syndicate content
Updated: 3 hours 51 min ago

glibc CVE re: getaddrinfo() and userspace ksplice

Sat, 2016-02-20 17:48
I have my own server with Oracle Linux 6 (of course) where I host a ton of personal stuff and this server was also affected by the nasty DNS bug from last week (see : CVE-2015-7547 ). Everyone really should update glibc and make sure their system is patched (any distribution) by the way - this is a very serious vulnerability... The nice thing, however, was that this is a perfect example for user space ksplice patching. A quick ksplice update for glibc on this box, and it was patched, no restarting the system no restarting sshd or any other app for that matter. A split microsecond and life goes on happily. Nothing affected, no downtime, no pauses, no hiccups. That's the way to patch these things.

userspace ksplice

Most awesomely cool stuff. Solving real world problems. Imagine running a few 100 docker instances or a couple of Linux containers and you have to update the host's glibc and bring all that down... talk about impact.

kernel patches ... check

critical OS libraries like SSL and GLIBC ... check.

Oracle Linux 6 and 7 support ... check