Red Hat, Google Disclose Severe Glibc DNS Vulnerability; Patched But Widespread
An anonymous reader writes: Today Google's online security team publicly disclosed a severe vulnerability in the GNU C Library's DNS client. Due to the ubiquity of Glibc, this affects an astounding number of machines and software running on the internet, and raises questions about whether Glibc ought to still be the preferred C library when alternatives like musl are gaining maturity. As one example of the range of software affected, nearly every Bitcoin implementation is affected.
Reader msm1267 adds some information about the vulnerability, discovered independently by security researchers at Red Hat as well as at Google, which has since been patched: The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory. "A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Red Hat said in an advisory. It's likely that all Linux servers and web frameworks such as Rails, PHP and Python are affected, as well as Android apps running glibc.
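The advisory text above describes the bug as a stack-based overflow in the client-side resolver reached through getaddrinfo(), with attacker-shaped responses arriving via a cache hierarchy. A defender-side check a practitioner would want is a strict, bounded parser that validates DNS replies (header, question section, resource records, name compression) and flags anything oversized or malformed before the data is acted on or logged. The following is an added example written for this page, not code from glibc, Red Hat or Google; the 512-byte limit is an assumed policy value (the classic RFC 1035 UDP message ceiling), and the sample responses are constructed inline.

```python
"""Validate DNS responses: bounded parsing plus a size policy.

Added example. MAX_SAFE_RESPONSE is an assumed policy value, not a figure
from the advisory; sample messages below are constructed for the demo.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Tuple

MAX_SAFE_RESPONSE = 512  # assumed policy: RFC 1035 UDP ceiling; tune per resolver


@dataclass
class DnsSummary:
    tx_id: int
    is_response: bool
    rcode: int
    questions: int
    answers: int
    size: int
    names: List[str] = field(default_factory=list)
    problems: List[str] = field(default_factory=list)


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it).

    Compression pointers must point strictly backwards, which rules out
    pointer loops and guarantees the walk terminates.
    """
    labels: List[str] = []
    end = -1  # offset just past the name at its original position
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            ptr = ((length & 0x3F) << 8) | msg[offset + 1]
            if ptr >= offset:
                raise ValueError("compression pointer does not point backwards")
            if end < 0:
                end = offset + 2
            offset = ptr
            continue
        if length > 63:
            raise ValueError("label longer than 63 octets")
        if offset + 1 + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii", "replace"))
        offset += 1 + length
    return ".".join(labels) or ".", (end if end >= 0 else offset)


def parse_response(msg: bytes, limit: int = MAX_SAFE_RESPONSE) -> DnsSummary:
    """Walk every section with bounds checks; record policy violations."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    tx_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    s = DnsSummary(tx_id, bool(flags & 0x8000), flags & 0xF, qd, an, len(msg))
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        off += 4  # QTYPE + QCLASS
        s.names.append(name)
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated resource record header")
        _rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("RDATA runs past end of message")
        off += rdlen
        s.names.append(name)
    if off != len(msg):
        s.problems.append(f"{len(msg) - off} trailing bytes after last record")
    if len(msg) > limit:
        s.problems.append(f"response is {len(msg)} bytes, over the {limit}-byte policy limit")
    if flags & 0x0200:
        s.problems.append("TC flag set: reply is truncated, a TCP retry would follow")
    return s


def check(msg: bytes, limit: int = MAX_SAFE_RESPONSE) -> List[str]:
    """Return a list of problems; an unparseable message is itself a problem."""
    try:
        return parse_response(msg, limit).problems
    except ValueError as exc:
        return [f"malformed: {exc}"]


# --- constructed sample messages (not captured traffic) ---
def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"


def build_response(tx_id: int, qname: str, ips: List[str], pad_rrs: int = 0) -> bytes:
    """Answer with A records, optionally padded with large TXT records."""
    header = struct.pack("!HHHHHH", tx_id, 0x8180, 1, len(ips) + pad_rrs, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rrs = b""
    for ip in ips:  # name is a pointer (0xC00C) back to the question name
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(x) for x in ip.split("."))
    for _ in range(pad_rrs):
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, 256) + b"\xff" + b"A" * 255
    return header + question + rrs


if __name__ == "__main__":
    print(check(build_response(0x1234, "example.com", ["192.0.2.1"])))
    print(check(build_response(0x1234, "example.com", ["192.0.2.1"], pad_rrs=3)))
    print(check(struct.pack("!HHHHHH", 1, 0x8180, 1, 0, 0, 0) + b"\xc0\x0c\x00\x00\x00\x00"))
```

The point of the backwards-only rule on compression pointers is that it bounds the work per name without a separate hop counter; the size policy then gives a cheap first filter for logging or alerting on replies that are far larger than the names being resolved would justify.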
"discovered independently by security researchers at Red Hat as well as at Google" - How does that happen, and when DID it happen?
OpenBSD is the best replacement for Linux and GNU software, especially if you care about security. The OpenBSD developers can't write bug-free code, but when we consider the extreme care and effort they put into ensuring their code is of an extraordinarily high quality then we realize that their work is as close to bug-free as we are realistically going to get. It does make sense to switch to the best available alternative. The OpenBSD devs do everything just about as correctly as can be done. They put security first. They carefully review their own code and that of others. They will even fork code developed by others if it doesn't meet the OpenBSD standards! They don't implement bad ideas, like systemd, to begin with. They say it as it is, even if it may hurt somebody's feelings. They don't put up with bullshit, especially if it could put security at risk. They are the role models that everybody else in open source software development should follow and strive to be like.