2016/02/16 - 3:30 PM PST
We have reviewed the issues described in CVE-2015-7547 and have determined that AWS Services are largely not affected. The only exception is that customers using Amazon EC2 who have modified their configurations to use non-AWS DNS infrastructure should update their Linux environments immediately, following the directions provided by their Linux distribution. EC2 customers using the AWS DNS infrastructure are unaffected and don’t need to take any action.
For Amazon EC2 customers who use Amazon Linux and have modified their configuration to use non-AWS DNS infrastructure:
A fix for CVE-2015-7547 has been pushed to the Amazon Linux AMI repositories, with a severity rating of Critical. Instances launched with the default Amazon Linux configuration on or after 2016/02/16 will automatically include the required fix for this CVE.
Customers with existing Amazon Linux AMI instances should run the following command to ensure they receive the fix for this CVE:
sudo yum update glibc
Depending on your configuration, you may need to run the following command as well:
sudo yum clean all
For more information, please see https://aws.amazon.com/amazon-linux-ami/faqs/#auto_update
Additional details to update non-Amazon Linux environments can be found at the following links:
Ubuntu Server: http://www.ubuntu.com/usn/
SuSE Linux Enterprise Server: https://www.suse.com/security/cve/CVE-2015-7547.html
Red Hat: https://access.redhat.com/security/cve/CVE-2015-7547
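As an added example (not part of the AWS bulletin or any AWS tooling), the following script checks whether an instance's resolver configuration points at anything other than the Amazon-provided DNS, which is the case in which the bulletin asks customers to update. It assumes, per AWS VPC documentation rather than this bulletin, that the Amazon-provided resolver answers at 169.254.169.253 and at the VPC network address plus two; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list resolv.conf nameservers that are not Amazon-provided DNS.
# Assumption (AWS VPC documentation, not this bulletin): the Amazon-provided
# resolver answers at 169.254.169.253 and at the VPC network address plus two.

# vpc_resolver CIDR -> prints the "network address + 2" resolver for a VPC CIDR.
vpc_resolver() {
    addr=${1%/*}                      # drop the /prefix length
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into four octets
    IFS=$old_ifs
    n=$(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 + 2 ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# non_aws_resolvers FILE VPC_CIDR -> prints one non-Amazon nameserver per line.
non_aws_resolvers() {
    file=$1
    vpc_dns=$(vpc_resolver "$2")
    # Only lines whose first field is "nameserver" count; comments are skipped.
    awk '$1 == "nameserver" { print $2 }' "$file" | while read -r ns; do
        case $ns in
            169.254.169.253|"$vpc_dns") ;;    # Amazon-provided DNS
            *) echo "$ns" ;;                  # anything else needs review
        esac
    done
}

# Constructed sample input: one Amazon-provided and one external resolver.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'search ec2.internal' \
    'nameserver 10.0.0.2' 'nameserver 192.0.2.53' > "$sample"
if [ -n "$(non_aws_resolvers "$sample" 10.0.0.0/16)" ]; then
    echo "non-AWS DNS in use: apply the glibc update described above"
fi
rm -f "$sample"
```

On an instance, call `non_aws_resolvers /etc/resolv.conf` with the VPC's CIDR as the second argument. A local forwarder such as 127.0.0.1 is reported as well, so check which upstream resolver it forwards to.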