Golden Frog Addressing glibc Vulnerability
It’s been reported that there is a vulnerability in glibc, an open source library. As described by Ars Technica, “The vulnerability was introduced in 2008 in GNU C Library, a collection of open source code that powers thousands of standalone applications and most distributions of Linux, including those distributed with routers and other types of hardware. A function known as getaddrinfo() that performs domain-name lookups contains a buffer overflow bug that allows attackers to remotely execute malicious code. It can be exploited when vulnerable devices or apps make queries to attacker-controlled domain names or domain name servers or when they’re exposed to man-in-the-middle attacks where the adversary has the ability to monitor and manipulate data passing between a vulnerable device and the open Internet. All versions of glibc after 2.9 are vulnerable.”
We wanted to let our customers know we are aware of the issue and are in the process of patching all of our services, with a priority on any system that involves our service or customer data. We will let you know once the updates are complete.
Please reach out to Golden Frog Support if you have any questions in the meantime.