This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our private policy>

Security Notice - Statement on Google Security Research Team Revealing GNU Glibc Buffer Overflow Security Vulnerability

  • Initial Release Date: 2016-02-19
  • Last Release Date: 2016-03-04

Huawei noticed the information released by Google security research team regarding the buffer overflow security vulnerability (CVE-2015-7547) in the getaddrinfo function of glibc on February 16, 2016.

Huawei has delivered Security Advisory. Customers can get necessary support for product security vulnerabilities through Huawei local technical service. The link of the security advisory is:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en

Huawei released the latest IPS signature (IPS_H20011000_2016022400) on February 24, 2016. The signature applies to Huawei Next Generation Firewalls (NGFWs) and data center firewalls. Upgrade to this signature enables the IPS to detect and defend against network-layer glibc vulnerability exploits. The network level mitigation based on the description above can help mitigate risks for customers.

2016-03-04 V1.2 FINAL added SA link

2016-02-24 V1.1 UPDATED Added IPS Signatures

2016-02-19 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.