Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 23, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Statement Date: February 17, 2016
Affected
"Arista Networks is investigating the applicability of VU#457759 to our products. More information will be available as the investigation proceeds."
We are not aware of further vendor information regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 26, 2016
Statement Date: February 26, 2016
Affected
"Blue Coat products using an affected version of the GNU C Library (glibc) are susceptible to a remote execution attack. A remote attacker can send a crafted DNS response to the glibc DNS resolver and cause the resolver to crash or execute arbitrary code."
Fixes for the vulnerable products are pending. Please see the advisory below.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: March 14, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
A patched version of glibc is available for CentOS. The forum discussion at the URL below provides further information.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 18, 2016
Statement Date: February 18, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
Cisco has provided a security advisory which contains details of which products are affected at the URL below:
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Statement Date: February 17, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
Debian has released glibc updates containing the patches. Please see the announcements below:
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Updated: February 18, 2016
Statement Date: February 18, 2016
Not Affected
"No version of our software is affected by VU#457759 (glibc vulnerable to stack buffer overflow in DNS resolver)"
We are not aware of further vendor information regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 29, 2016
Statement Date: February 29, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The following products are confirmed to be not affected: FortiOS FortiSwitch FortiAnalyzer Other products are in the course of being investigated. Please see the URL below for more information and updates.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Statement Date: February 17, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
glibc has been updated with the patch on Gentoo. Please see the Gentoo security advisory at the URL below.
https://security.gentoo.org/glsa/201602-02
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
A detailed analysis and patch for glibc are available at the URL below.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 22, 2016
Statement Date: February 19, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has provided the following list. A statement is available at the URL below. The following products have been confirmed to be not vulnerable to the glibc issue reported as CVE-2015-7547: Junos OS does not use glibc and is not affected by this issue. Note: Linux VM-based platforms (e.g. vSRX, vMX, etc.) include glibc, but do not make use of DNS client libraries during normal operation. Junos Space ScreenOS uses a different implementation of libc and is not affected by this issue. QFabric Director JUNOSe CTP and CTPView NSM server relies on underlying OS glibc library. Contact OS vendor SBR Carrier running on RHEL relies on the glibc library shipped with the OS. Customers should contact the OS vendor to upgrade glibc. SBR Carrier running on Solaris is not vulnerable as it does not use this library. WX/WXC Netscreen IDP Other products are still under investigation.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 22, 2016
Statement Date: February 20, 2016
Not Affected
"Openwall GNU/*/Linux is not affected. We use a fork of a version of glibc predating the introduction of this vulnerability. We have previously patched the somewhat related GHOST vulnerability."
We are not aware of further vendor information regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Statement Date: February 17, 2016
Not Affected
PC-BSD is based upon FreeBSD, and as such does *not* use glibc by default for any native *BSD applications. As such, it is not vulnerable to CVE-2015-7547. PC-BSD does allow running Linux applications through emulation, in which case users should ensure their packages / VM's are updated in accordance with upstream methods.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
glibc has been updated with the patch. Please see the Red Hat security advisory at the URL below.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Updated: February 18, 2016
Statement Date: February 18, 2016
Not Affected
"The TCPWave DNS Appliances and TCPWave Sharkcage Appliances do not use a vulnerable version of glibc in the current production releases. A newer version that is scheduled for a summer release has been found vulnerable and has been patches. When the customers upgrade the existing appliances to a newer version, they will not be impacted by this vulnerability."
TCPWave has provided a security advisory at the URL below:
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Statement Date: February 17, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
Ubuntu has released a patched version of glibc. Please see the security advisory at the URL below:
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 17, 2016 Updated: February 17, 2016
Unknown
No statement is currently available from the vendor regarding this vulnerability.