- This topic has 0 replies, 1 voice, and was last updated 8 years, 9 months ago by
.
-
Posts
-
The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. A remote attacker could create a specially crafted DNS response causing libresolv to crash or, potentially, execute code with the permissions of the user running the library.
Investigations show that the vulnerability was introduced in May 2008 as part of glibc 2.9. To mitigate the risk of an attack, it is strongly recommended that Linux users update glibc.
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
Glibc is not shipped with NoMachine packages but makes use of this library which is provided by the Linux distribution. NoMachine advises all users to update their Linux OS, or contact their provider for more information. Windows and Mac are not affected.
This topic was marked as closed, you can't post.