On February 16, 2016, security researchers publicly disclosed a vulnerability in the Linux glibc library, which is commonly found in Linux-based operating systems. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used (CVE-2015-7547). A remote attacker could create specially crafted DNS responses, which could cause the library to crash or potentially execute code with the permissions of the user running the library.
Following the disclosure of this vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact. We have published Knowledgebase articles on our customer accessible support websites that reflect the most up-to-date information from our review along with remediation plans, where needed:
We will continue to update the information as our review and remediation continues using our standard customer communication channels (including Security Advisories).software vulnerability, vulnerability response