Security Notice - Statement on Google Security Research Team Revealing GNU Glibc Buffer Overflow Security Vulnerability
- Initial Release Date: Feb 19, 2016
- Last Release Date: Mar 04, 2016
Huawei noticed the information released by Google security research team regarding the buffer overflow security vulnerability (CVE-2015-7547) in the getaddrinfo function of glibc on February 16, 2016.
Huawei has delivered Security Advisory. Customers can get necessary support for product security vulnerabilities through Huawei local technical service. The link of the security advisory is:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en
Huawei released the latest IPS signature (IPS_H20011000_2016022400) on February 24, 2016. The signature applies to Huawei Next Generation Firewalls (NGFWs) and data center firewalls. Upgrade to this signature enables the IPS to detect and defend against network-layer glibc vulnerability exploits. The network level mitigation based on the description above can help mitigate risks for customers.
2016-03-04 V1.2 FINAL added SA link
2016-02-24 V1.1 UPDATED Added IPS Signatures
2016-02-19 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.
None
