On Tuesday, Feb 16, Google researchers reported a stack based buffer overflow in the commonly used glibc library. We are investigating the impact to our physical and virtual products and our cloud based services and will update this space as we have more details.
CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow
Started by Dave Farrow, Feb 17 2016 12:41 PM
CVE-2015-7547 glibc getaddrinfo buffer overflow
8 replies to this topic
#4
Pedro Gall
-
- Members
- 8 posts
Posted 22 February 2016 - 04:47 AM
Asking again for an update. Have not found any Security Updates on the appliances. What's the status?
#5
John Norris
-
- Members
- 1 posts
Posted 22 February 2016 - 03:56 PM
I contacted Barracuda support about this today and they sent me here. I guess there is no update........................yet.
#6
Manfred Wiktorin
-
- Members
- 1 posts
Posted 23 February 2016 - 03:06 AM
The security issue was reported 1 week ago. Other manufacturers delivered security patches within 2 days.
From Barracuda there is even no further information yet. WTF is going wrong at Barrcuda?
#7
Dave Farrow
-
- Moderators
-
- 35 posts
PSIRT
Posted 23 February 2016 - 05:41 PM
Updates for NG Firewall F-Series versions 5.4, 6.0, 6.1, and 6.2 are available at: https://community.ba...ity-advisories/
#8
Dave Farrow
-
- Moderators
-
- 35 posts
PSIRT
Posted 23 February 2016 - 06:02 PM
We are able to confirm that the following Barracuda physical and virtual appliances are not vulnerable to CVE-2015-7547:
- Email Security Gateway (Span and Virus Firewall)
- Web Security Gateway (Web Filter)
- Web Application Firewall
- Backup
- Message Archiver
- Load Balancer ADC
- Load Balancer FDC
- Link Balancer
- SSL VPN
- Phone System
We will post additional updates as we continue our research.
#9
Dave Farrow
-
- Moderators
-
- 35 posts
PSIRT
Posted 24 February 2016 - 12:05 PM
Updates for the NG Firewall X-Series versions 6.8.2 and 6.8.3 are now available.
