KB Article #177759

API Gateway and the glibc gethostbyname overflow (CVE-2015-7547)

Problem

* Which API appliances are affected by the glibc gethostbyname overflow (CVE-2015-7547) and what updates should be applied?

Resolution

This is a Linux bug and the Linux glibc packages need to be updated to fixed versions on affected systems. No changes are required for the API Gateway software itself.

Axway has supplied the API Gateway with two different operating systems:

  • RHEL 5-based systems are not affected according to Red Hat.
  • SUSE-based appliances are affected and should update glibc. A glibc package with the fix has been pushed to the Axway appliance repos. It is best to update everything via zypper clean, then zypper refresh and zypper update, but it is also possible to update only glibc with zypper update glibc.
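
Installing the fixed package replaces the library files on disk, but processes started before the update keep the old copy mapped until they are restarted. The following check is an added example, not Axway's code or part of the original article: it lists processes whose /proc/PID/maps still shows a replaced glibc library. The function names and the set of library names matched are assumptions of this example.

```shell
#!/bin/sh
# Added example: find processes that still map a glibc library that has been
# replaced on disk. When the package update unlinks the old file, the kernel
# marks the mapping in /proc/PID/maps with a trailing " (deleted)", e.g.
# (constructed line):
#   7f3a10000000-7f3a1018a000 r-xp 00000000 08:01 131 /lib64/libc-2.11.3.so (deleted)

# stale_glibc_in_maps FILE
# Exit 0 if FILE (in /proc/PID/maps format) contains a deleted mapping of
# libc, libresolv or libnss_dns; non-zero otherwise or if FILE is unreadable.
stale_glibc_in_maps() {
    grep -Eq '/(libc|libresolv|libnss_dns)[-.][^ /]* \(deleted\)$' "$1" 2>/dev/null
}

# list_stale_processes [PROC_ROOT]
# Print "PID NAME" for every process under PROC_ROOT (default /proc) that
# still maps a replaced glibc library. Run as root to see all processes.
list_stale_processes() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_glibc_in_maps "$maps"; then
            dir=${maps%/maps}
            # comm is absent on older kernels; fall back to "?"
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "${dir##*/} $name"
        fi
    done
}

# Usage after the zypper update has completed:
#   list_stale_processes
```

Any process listed should be restarted (or the appliance rebooted) so that it loads the updated library.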

Those running on Linux systems not supplied by Axway should consult with the vendor of their OS in order to obtain information or patches for this CVE. We are also aware of third-party test scripts which may help determine whether a system is affected by this, but these are not endorsed by Axway.