Description
The Google security team reported a buffer overflow vulnerability in the getaddrinfo() function of glibc. The flaw is triggered when a DNS server response exceeds 2,048 bytes, which causes a stack-based buffer overflow when a subsequent response is processed.
An attacker could exploit this vulnerability through a malicious domain name, a malicious DNS server, or a man-in-the-middle attack, potentially gaining control of the affected software or even the entire system.
Affected versions
Debian and Red Hat Linux operating systems with glibc versions later than 2.9
Fix
If your ECS instance uses the default DNS servers of Alibaba Cloud images, it is not affected by this vulnerability. We recommend that you do not use third-party DNS servers.
Update glibc by running the following commands.
For Ubuntu/Debian Linux:
sudo apt-get update
sudo apt-get install libc6
For CentOS/Red Hat Linux:
sudo yum -y update glibc
Restart the system after the update so that every running process loads the patched glibc.
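The update procedure above, wrapped in a small POSIX shell script as an added example (this is not part of the advisory or of any Alibaba Cloud tooling). It reads the distribution ID from an os-release file, picks the package-manager command the advisory gives for that family, prints the installed glibc version before and after, and only applies the update when run as root with APPLY=1 set; the constructed sample os-release file and the use of getconf to read the glibc version are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory: choose and (optionally) apply the
# glibc update for the running distribution, then report the glibc version.
set -eu

# Extract the ID= field from an os-release file given as $1.
os_id_from_release() {
  sed -n 's/^ID=//p' "$1" | tr -d '"'
}

# Map a distribution ID to the update command the advisory gives.
# Runs as root, so the advisory's "sudo" prefix is omitted here.
glibc_update_cmd() {
  case "$1" in
    ubuntu|debian) echo "apt-get update && apt-get install -y libc6" ;;
    centos|rhel)   echo "yum -y update glibc" ;;
    *) return 1 ;;
  esac
}

# Installed glibc version via getconf (assumption: a glibc-based system;
# prints nothing elsewhere).
glibc_version() {
  getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}'
}

# Constructed sample os-release so the script can be exercised offline.
SAMPLE_RELEASE=$(mktemp)
trap 'rm -f "$SAMPLE_RELEASE"' EXIT
printf 'NAME="Debian GNU/Linux"\nID=debian\nVERSION_ID="8"\n' > "$SAMPLE_RELEASE"

# $1: path to an os-release file (defaults to /etc/os-release).
# Applies the update only when APPLY=1 is set and the caller is root.
main() {
  distro=$(os_id_from_release "${1:-/etc/os-release}")
  cmd=$(glibc_update_cmd "$distro") || {
    echo "unsupported distribution: $distro" >&2
    return 1
  }
  echo "glibc before: ${GLIBC_BEFORE:=$(glibc_version)}"
  if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    sh -c "$cmd"
    echo "glibc after: $(glibc_version)"
    echo "reboot so that every running process loads the patched glibc"
  else
    echo "dry run; as root with APPLY=1 this would run: $cmd"
  fi
}

# Demonstrate against the constructed file; pass a real path to use it for real.
main "$SAMPLE_RELEASE"
```

Run it as `APPLY=1 sudo ./update-glibc.sh /etc/os-release` on the instance to apply the update; without APPLY=1 it only prints the command it would run, which is the safer default for a script that touches the C library.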
Follow the official instructions to install the patch.