KB Article #177761

Does CVE-2015-7547 affect the API Gateway or the Appliance it runs on?

CVE-2015-7547 and API Gateway

glibc vulnerability CVE-2015-7547 in Axway products is documented in this note
https://support.axway.com/news/907

The API Gateway itself is not affected.

The older Oracle Linux Appliance is also not affected as it runs Oracle Linux 5 (Red Hat 5) see here https://access.redhat.com/security/cve/cve-2015-7547

The SuSE Linux Appliance used by API Gateway, API Manager and API Portal is affected and a patch to glibc is available in the Axway repository.

Please apply the updates through the Web Administration Interface (WAI) on port 10000. The upgrade of the SuSE Operating system will take glibc to at least glibc-2.11.3-17.95.2 (released 16th of February 2016) to fix the vulnerability. Also note that a reboot is necessary.

Note Axway SuSE Appliance is currently SLES SP3

https://www.suse.com/support/kb/doc.php?id=7017265