Clavister and the glibc vulnerability

STOCKHOLM, SWEDEN. 2016-02-19, by Andreas Åsander

Clavister solutions not affected – here’s what you need to know


About the vulnerability

On Tuesday the 16:th of February 2016 the google security team discovered a critical buffer overflow vulnerability in glibc (CVE-2015-7547 and CVE-2015-5229).

Due to this vulnerability a remote attacker could create a DNS response which could cause libresolv to crash or, potentially, execute malicious code (CVE-2015-7547). The google team also discovered critical flaws that could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229)


The good news

Clavister products are not affected by this vulnerability since Clavister does not include or use glibc in its products that would expose the systems to this critical issue.


Vulnerability status:

  • Clavister cOS Core: No versions affected
  • Clavister SSL VPN: No versions affected
  • Clavister InControl: No versions affected
  • Clavister Identity Awareness Client (IDA): No versions affected
  • Clavister cOS Stream: No versions affected