ID

VAR-201602-0004

CVE

CVE-2015-7547

TITLE

glibc vulnerable to stack buffer overflow in DNS resolver

DESCRIPTION

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. 6) - i386, x86_64 3. This update also fixes the following bugs: * The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with "dlopen: cannot load any more object with static TLS" should now start up correctly. (BZ#1291270) * A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. For HPE Helion OpenStack 2.0.x the recommended update path is to download and upgrade to Helion OpenStack 2.1.2 or a subsequent later version . This can be done as follows: Go to https://helion.hpwsportal.com and download HPE Helion OpenStack 2.1.2 Follow these http://docs.hpcloud.com/#helion/installation/upgrade20_to_212.html deployment steps to upgrade to 2.1.2 HPE Helion OpenStack 2.0.x customers can also choose to install the 2.0.2 release, which only includes the changes mentioned in the release notes http://docs.hpcloud.com/#helion/releasenotes202.html . This can be done as follows: Go to https://helion.hpwsportal.com and download HPE Helion OpenStack 2.0.2 Follow these http://docs.hpcloud.com/#helion/installation/upgrade20_to_202.html deployment steps to upgrade to 2.0.2 To patch HPE Helion OpenStack 2.1.0: Go to https://helion.hpwsportal.com and download HPE Helion OpenStack 2.1.2 or a subsequent later version . - Upgrade HP OneView to patch version 2.00.07. - HP StoreVirtual VSA Software 12.6 - HP StoreVirtual 4130 600GB SAS Storage 12.6 - HP StoreVirtual 4130 600GB China SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6 - HP StoreVirtual 4330 450GB SAS Storage 12.6 - HP StoreVirtual 4330 900GB SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6 - HP StoreVirtual 4330 450GB China SAS Storage 12.6 - HP StoreVirtual 4330 900GB China SAS Storage 12.6 - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6 - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6 - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 450GB SAS Storage 12.6 - HP StoreVirtual 4530 600GB SAS Storage 12.6 - HP StoreVirtual 4630 900GB SAS Storage 12.6 - HP StoreVirtual 4730 600GB SAS Storage 12.6 - HP StoreVirtual 4730 900GB SAS Storage 12.6 - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6 - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6 - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6 - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4335 China Hybrid Storage 12.6 - HP StoreVirtual 4335 Hybrid Storage 12.6 - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6 - HP StoreVirtual 4130 600GB China SAS Storage 12.6 - HP StoreVirtual 4130 600GB SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6 - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 450GB China SAS Storage 12.6 - HP StoreVirtual 4330 450GB SAS Storage 12.6 - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 900GB China SAS Storage 12.6 - HP StoreVirtual 4330 900GB SAS Storage 12.6 - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6 - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6 - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6 - HP StoreVirtual 4335 China Hybrid Storage 12.6 - HP StoreVirtual 4335 Hybrid SAN Solution 12.6 - HP StoreVirtual 4335 Hybrid Storage 12.6 - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6 - HP StoreVirtual 4530 450GB SAS Storage 12.6 - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6 - HP StoreVirtual 4530 600GB SAS Storage 12.6 - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4630 900GB SAS Storage 12.6 - HP StoreVirtual 4730 600GB SAS Storage 12.6 - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4730 900GB SAS Storage 12.6 - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6 - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2015-7547 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI d=emr_na-c01345499 RESOLUTION HPE has made the following software updates available to resolve the vulnerability with glibc for all of the impacted HPE StoreVirtual products. - LeftHand OS 12.6 - patch 56001 - LeftHand OS 12.5 - patch 55015 **Notes:** - These patches will upgrade glibc to 2.12-1.166 to resolve this issue. Relevant releases/architectures: RHEL 7-based RHEV-H - noarch RHEV Hypervisor for RHEL-6 - noarch 3. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security and bug fix update Advisory ID: RHSA-2016:0176-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0176.html Issue date: 2016-02-16 CVE Names: CVE-2015-5229 CVE-2015-7547 ===================================================================== 1. Summary: Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue. This update also fixes the following bugs: * The existing implementation of the "free" function causes all memory pools beyond the first to return freed memory directly to the operating system as quickly as possible. This can result in performance degradation when the rate of free calls is very high. The first memory pool (the main pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD, but this method is not available to subsequent memory pools. With this update, the M_TRIM_THRESHOLD method is extended to apply to all memory pools, which improves performance for threads with very high amounts of free calls and limits the number of "madvise" system calls. The change also increases the total transient memory usage by processes because the trim threshold must be reached before memory can be freed. To return to the previous behavior, you can either set M_TRIM_THRESHOLD using the "mallopt" function, or set the MALLOC_TRIM_THRESHOLD environment variable to 0. (BZ#1298930) * On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug in the dynamic loader could cause applications compiled with profiling enabled to fail to start with the error "monstartup: out of memory". The bug has been corrected and applications compiled for profiling now start correctly. (BZ#1298956) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1256285 - CVE-2015-5229 glibc: calloc may return non-zero memory 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow 1298956 - "monstartup: out of memory" on PPC64LE [rhel-7.2.z] 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: glibc-2.17-106.el7_2.4.src.rpm x86_64: glibc-2.17-106.el7_2.4.i686.rpm glibc-2.17-106.el7_2.4.x86_64.rpm glibc-common-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-devel-2.17-106.el7_2.4.i686.rpm glibc-devel-2.17-106.el7_2.4.x86_64.rpm glibc-headers-2.17-106.el7_2.4.x86_64.rpm glibc-utils-2.17-106.el7_2.4.x86_64.rpm nscd-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-static-2.17-106.el7_2.4.i686.rpm glibc-static-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glibc-2.17-106.el7_2.4.src.rpm x86_64: glibc-2.17-106.el7_2.4.i686.rpm glibc-2.17-106.el7_2.4.x86_64.rpm glibc-common-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-devel-2.17-106.el7_2.4.i686.rpm glibc-devel-2.17-106.el7_2.4.x86_64.rpm glibc-headers-2.17-106.el7_2.4.x86_64.rpm glibc-utils-2.17-106.el7_2.4.x86_64.rpm nscd-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-static-2.17-106.el7_2.4.i686.rpm glibc-static-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: glibc-2.17-106.el7_2.4.src.rpm ppc64: glibc-2.17-106.el7_2.4.ppc.rpm glibc-2.17-106.el7_2.4.ppc64.rpm glibc-common-2.17-106.el7_2.4.ppc64.rpm glibc-debuginfo-2.17-106.el7_2.4.ppc.rpm glibc-debuginfo-2.17-106.el7_2.4.ppc64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc64.rpm glibc-devel-2.17-106.el7_2.4.ppc.rpm glibc-devel-2.17-106.el7_2.4.ppc64.rpm glibc-headers-2.17-106.el7_2.4.ppc64.rpm glibc-utils-2.17-106.el7_2.4.ppc64.rpm nscd-2.17-106.el7_2.4.ppc64.rpm ppc64le: glibc-2.17-106.el7_2.4.ppc64le.rpm glibc-common-2.17-106.el7_2.4.ppc64le.rpm glibc-debuginfo-2.17-106.el7_2.4.ppc64le.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc64le.rpm glibc-devel-2.17-106.el7_2.4.ppc64le.rpm glibc-headers-2.17-106.el7_2.4.ppc64le.rpm glibc-utils-2.17-106.el7_2.4.ppc64le.rpm nscd-2.17-106.el7_2.4.ppc64le.rpm s390x: glibc-2.17-106.el7_2.4.s390.rpm glibc-2.17-106.el7_2.4.s390x.rpm glibc-common-2.17-106.el7_2.4.s390x.rpm glibc-debuginfo-2.17-106.el7_2.4.s390.rpm glibc-debuginfo-2.17-106.el7_2.4.s390x.rpm glibc-debuginfo-common-2.17-106.el7_2.4.s390.rpm glibc-debuginfo-common-2.17-106.el7_2.4.s390x.rpm glibc-devel-2.17-106.el7_2.4.s390.rpm glibc-devel-2.17-106.el7_2.4.s390x.rpm glibc-headers-2.17-106.el7_2.4.s390x.rpm glibc-utils-2.17-106.el7_2.4.s390x.rpm nscd-2.17-106.el7_2.4.s390x.rpm x86_64: glibc-2.17-106.el7_2.4.i686.rpm glibc-2.17-106.el7_2.4.x86_64.rpm glibc-common-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-devel-2.17-106.el7_2.4.i686.rpm glibc-devel-2.17-106.el7_2.4.x86_64.rpm glibc-headers-2.17-106.el7_2.4.x86_64.rpm glibc-utils-2.17-106.el7_2.4.x86_64.rpm nscd-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: glibc-debuginfo-2.17-106.el7_2.4.ppc.rpm glibc-debuginfo-2.17-106.el7_2.4.ppc64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc64.rpm glibc-static-2.17-106.el7_2.4.ppc.rpm glibc-static-2.17-106.el7_2.4.ppc64.rpm ppc64le: glibc-debuginfo-2.17-106.el7_2.4.ppc64le.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc64le.rpm glibc-static-2.17-106.el7_2.4.ppc64le.rpm s390x: glibc-debuginfo-2.17-106.el7_2.4.s390.rpm glibc-debuginfo-2.17-106.el7_2.4.s390x.rpm glibc-debuginfo-common-2.17-106.el7_2.4.s390.rpm glibc-debuginfo-common-2.17-106.el7_2.4.s390x.rpm glibc-static-2.17-106.el7_2.4.s390.rpm glibc-static-2.17-106.el7_2.4.s390x.rpm x86_64: glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-static-2.17-106.el7_2.4.i686.rpm glibc-static-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-106.el7_2.4.src.rpm x86_64: glibc-2.17-106.el7_2.4.i686.rpm glibc-2.17-106.el7_2.4.x86_64.rpm glibc-common-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-devel-2.17-106.el7_2.4.i686.rpm glibc-devel-2.17-106.el7_2.4.x86_64.rpm glibc-headers-2.17-106.el7_2.4.x86_64.rpm glibc-utils-2.17-106.el7_2.4.x86_64.rpm nscd-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-static-2.17-106.el7_2.4.i686.rpm glibc-static-2.17-106.el7_2.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5229 https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/articles/2161461 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWw0iDXlSAg2UNWIIRAh1MAJ4i9uRE0pNTb+BjMHGTLL5PpEbF6gCgrBwA pR+M8a0yt5CoWGJfxcd7yVg= =gySF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04989404 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04989404 Version: 1 HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-02-18 Last Updated: 2016-02-18 Potential Security Impact: Remote Arbitrary Code Execution Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code. - Helion Eucalyptus Node Controller (NC) components are confirmed to be affected by the vulnerability. Other Helion Eucalyptus components and pre-bundled service EMIs do not directly expose the vulnerability, but because glibc is a commonly used library on Linux, the exact exposure is hard to determine. Any software performing domain name resolution is potentially vulnerable. References: - CVE-2015-7547 - PSRT110035 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE Helion Eucalyptus 4.2.1 and earlier - HPE Helion Eucalyptus Service EMIs for Load Balancing and Imaging services package "eucalyptus-service-image-1.48-0.87.99" and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-7547 (AV:N/AC:H/Au:N/C:N/I:C/A:P) 6.1 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has made the following software updates and workaround information available to resolve the vulnerability with glibc for HPE Helion Eucalyptus. + All hosts running HPE Helion Eucalyptus services should be upgraded to the latest glibc. Updated glibc packages are available for RHEL and CentOS: https://access.redhat.com/articles/2161461 **RHEL Note:** After following the guidelines for RHEL, a reboot is the safest and recommended way to ensure that updates takes effect for all services. + New Helion Eucalyptus Service EMIs will be made available soon in the Eucalyptus software repositories at: http://downloads.eucalyptus.com/software/eucalyptus/4.2/ **Note:** This security bulletin will be revised when those updates are available. Until Helion Eucalyptus EMI updates are available, the following workaround is available to update the instances launched from eucalyptus-service-image-1.48-0.87.99 and earlier to the latest glibc packages. **Workaround:** As a cloud administrator: 1) create an update-glibc script with the following content: #! /bin/bash yum update -y glibc 2) set the following cloud properties to use that script on instance start: euctl services.imaging.worker.init_script=@update-glibc euctl services.loadbalancing.worker.init_script=@update-glibc This script will be automatically executed for each of the new instances started from the service image. For instances that are already running, the cloud administrator will need to terminate them and start again for the script to take effect. More specifically, for the Load Balancing service, the cloud admin needs to find all instances running under the "(eucalyptus)loadbalancing" account: # euare-accountlist | grep loadbalancing (eucalyptus)loadbalancing <accnt_id> # euca-describe-instances verbose | grep <accnt_id> And terminate them using euca-terminate-instances. New updated instances will be started automatically after that. For the Imaging Service, the imaging worker needs to be terminated and started again: # esi-manage-stack -a delete imaging # esi-manage-stack -a create imaging HISTORY Version:1 (rev.1) - 17 February 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. + 3PAR OS 3.2.1 MU5 and 3.2.2 MU2 - HPE recommends prior impacted versions update to 3PAR OS 3.2.1 MU 5 or 3.2.2 MU2. - glibc has been updated in these releases to resolve the glibc vulnerability. + 3PAR OS 3.1.3 is also vulnerable but will not be fixed. **Mitigation:** The best protection to guard against exploitation of this vulnerability is to securely configure and operate the storage array in accordance with the *HPE 3PAR Configuration Guidelines* documentation

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

overflow, arbitrary

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

HP

SOURCES

LAST UPDATE DATE

2026-02-08T22:48:06.448000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE