VMware vRealize Log Insight patch for CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Article ID: 342987

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article provides a resolution for the security issue CVE-2015-7547 for VMware vRealize Log Insight 2.0, 2.5 and 3.0.


Environment

VMware vCenter Log Insight 2.x
VMware vRealize Log Insight 3.0.x
VMware vRealize Log Insight 2.5.x

Resolution

This is a known issue affecting VMware vRealize Log Insight 2.0, 2.5 and 3.0.

This issue is resolved in a targeted patch for each affected release, and in fresh installs or upgrades to Log Insight 3.3.

To resolve this issue, apply the upgrade package appropriate for an existing installation:

Steps to apply the patch, excerpted from the Upgrading vRealize Log Insight section of the Administration Guide:

Warning: This resolution is applicable only to vRealize Log Insight. Do not attempt these steps on other VMware Products.

  1. Create a snapshot or backup copy of the vRealize Log Insight virtual appliance.
  2. Obtain a copy of the vRealize Log Insight upgrade bundle .pak file.
  3. Verify that you are logged in to the vRealize Log Insight Web user interface as a user with the Edit Admin permission.
  4. Click the configuration drop-down menu icon and select Administration.
  5. Under Management, click Cluster or Appliance, depending on the Log Insight version.
  6. Click Upgrade from PAK, and browse to the .pak file.
  7. Click Upgrade. vRealize Log Insight uploads the .pak file to the virtual appliance and displays a confirmation dialog box.
  8. Click Upgrade to confirm.
  9. Accept the EULA to complete the upgrade procedure.

Note: When applied to a matching major.minor version, the .pak file does not upgrade the application itself and only addresses the vulnerability outlined above. An upgrade between major versions using the .pak file upgrades the application and addresses the vulnerability. For upgrade paths, see the VMware Product Interoperability Matrix.


Additional Information

To be alerted when this article is updated, click the subscribe button. For more information on KB subscription features, see the Knowledge Base Article FAQs: How to Subscribe to VMware Knowledge Base Articles (76417). See also VMware Security Advisories.