On Tuesday, Feb 16, Google researchers reported a stack based buffer overflow in the commonly used glibc library. We are investigating the impact to our physical and virtual products and our cloud based services and will update this space as we have more details.
CVE-2015-7547 glibc getaddrinfo stack-based buffer overflowCVE-2015-7547 glibc getaddrinfo buffer overflow
Posted 22 February 2016 - 04:47 AM
Asking again for an update. Have not found any Security Updates on the appliances. What's the status?
Posted 22 February 2016 - 03:56 PM
I contacted Barracuda support about this today and they sent me here. I guess there is no update........................yet.
Posted 23 February 2016 - 03:06 AM
The security issue was reported 1 week ago. Other manufacturers delivered security patches within 2 days.
From Barracuda there is even no further information yet. WTF is going wrong at Barrcuda?
Posted 23 February 2016 - 06:02 PM
We are able to confirm that the following Barracuda physical and virtual appliances are not vulnerable to CVE-2015-7547:
- Email Security Gateway (Span and Virus Firewall)
- Web Security Gateway (Web Filter)
- Web Application Firewall
- Message Archiver
- Load Balancer ADC
- Load Balancer FDC
- Link Balancer
- SSL VPN
- Phone System
We will post additional updates as we continue our research.
Posted 24 February 2016 - 12:05 PM
Updates for the NG Firewall X-Series versions 6.8.2 and 6.8.3 are now available.