Menu
▾
▴
[tbox-l] CVE-2015-7547 (glibc) impact to Linux Toolkit for AIX?
|
From: Garbos E. <eg...@pc...> - 2016-02-26 14:43:34
|
Hello, Unfortunately IBM is passing the buck on this completely from a support perspective, so I'm hoping some of you fine folks can respond on this subject. Security vulnerability CVE-2015-7547 was recently announced based on some findings by RedHat and Google. This is a vulnerability, as I understand it, in name resolution code in the glibc library. Comments I've seen suggest that many softwares including SSH tools, SUDO, curl, etc could potentially be vulnerable if built with the affected library. From and AIX perspective, glibc is not normally included with the base OS (and in my case, isn't installed anywhere), but we do leverage some pieces from the Linux Toolkit for AIX which I fear might be affected. Can anyone confirm or deny this concern? And if so, are updated versions in the works to address this vulnerability? Just trying to do my due diligence and allay the concerns raised by our Security team. Thanks! Eric R. Garbos Senior UNIX Systems Administrator eg...@pc... www.pcconnection.com |
