A highly critical vulnerability has been discovered in glibc (GNU C Library). For CentOS/RedHat, only versions 6 and 7 are affected; CentOS 5 (RedHat 5) and older versions are not affected. Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and more. To understand more about the vulnerability, read the article https://access.redhat.com/security/cve/CVE-2015-7547
Versions affected: all glibc versions from 2.9 to 2.22 are affected by this vulnerability.
How to check for the vulnerability
As an example, here I am using my CentOS 6 machine.
# rpm -qa | grep -i glibc
glibc-2.12-1.149.el6_6.5.x86_64
glibc-headers-2.12-1.149.el6_6.5.x86_64
glibc-common-2.12-1.149.el6_6.5.x86_64
glibc-devel-2.12-1.149.el6_6.5.x86_64
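From the above result, it's clear that the installed glibc is vulnerable: version 2.12 is within the affected range, and release 1.149.el6_6.5 predates the fixed 1.166.el6_7.7 build shown in the update output below.
This vulnerability has been present since glibc 2.9, which was originally released in Nov 2008. Now that it has been uncovered, you should patch your system immediately.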
Patch for glibc vulnerability
To fix the problem, just update the installed glibc library:
# yum -y update glibc
..
Updated: glibc.x86_64 0:2.12-1.166.el6_7.7
Dependency Updated:
glibc-common.x86_64 0:2.12-1.166.el6_7.7
glibc-devel.x86_64 0:2.12-1.166.el6_7.7
glibc-headers.x86_64 0:2.12-1.166.el6_7.7
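
A scripted version of the check above, as an added example that is not part of the original article: it compares the installed build with the fixed CentOS 6 build from the yum output and lists processes that still map the pre-update library, since those keep running the old code until they are restarted. The function names and the use of sort -V for the comparison are assumptions of this example; CentOS 7 needs its own fixed build value, which this page does not give.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.
# Fixed CentOS 6 build, taken from the yum output on this page.
FIXED_EL6="2.12-1.166.el6_7.7"

# is_patched INSTALLED FIXED: succeeds when INSTALLED is at or above FIXED.
# Assumption: GNU `sort -V` approximates RPM ordering well enough for
# comparing builds of the same el6 glibc stream.
is_patched() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# stale_libc_pids [PROCROOT]: print PIDs whose memory map still references a
# deleted copy of a glibc library, i.e. processes started before the update.
stale_libc_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/(libc|libresolv|libnss_dns)[-.][^ /]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

main() {
    # With multilib installs rpm prints one line per arch; judge the oldest.
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc | sort -V | head -n 1)
    if is_patched "$installed" "$FIXED_EL6"; then
        echo "glibc $installed: at or above $FIXED_EL6"
    else
        echo "glibc $installed: older than $FIXED_EL6, run: yum -y update glibc"
    fi
    echo "PIDs still using the pre-update library (restart them or reboot):"
    stale_libc_pids
}

# Only run the live check on RPM-based systems.
if command -v rpm >/dev/null 2>&1; then main; fi
```

Run it as root after the update so that the memory maps of all processes are readable.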