I'glibc vulnerability hot-fix and patch for Dell SonicWALL SRA/SMA Series.

To customer

On Tuesday, February 16, Google posted a blog outlining a vulnerability in glibc (the GNU C library) which is used in many products and leaves those products vulnerable to remote exploitation. The vulnerability, identified as CVE-2015-7547, is similar to Heartbleed and Shellshock in terms of the scope of affected systems, but is not as serious as it is significantly more difficult to exploit.

Successful exploitation of the vulnerability relies on the potential victim communicating with a hostile/malicious DNS server or to be subject to a man-in-the-middle attack. Nevertheless, the vulnerability is considered to be critical by the industry since it can lead to remote exploitation of the client system.

This vulnerability is being seen across the industry, and Dell SonicWALL has worked quickly to provide you with a hot-fix and patch to ensure continued protection with the Dell SonicWALL SRA/SMA Series.

For customers using SRA/SMB Series:

• All SRA firmware versions prior to 8.1.0.1-11sv for SRA 4600/1600/Virtual Appliance and 8.0.0.4-25sv for SRA 4200/1200 are affected.

• Action required:

  • For SRA SMB 8.1.0.2-14sv: the fix (CVE-2015-7547) has been posted in mysonicwall.com. Simply log in to your mysonicwall.com account, locate and apply.

  • For SRA SMB 8.0.0.5-27sv: the fix has been posted in mysonicwall.com. Simply log in to your mysonicwall.com account, locate and apply.

For customers using SRA/SMA x000 Series:

• The two supported versions of SRA/SMA EX9000/7000/6000, SMA 7200/6200 and the SMA Virtual Appliance 10.7.2 and v11.3.0 are both vulnerable as are all older unsupported versions.

• Action required:

  • Download and apply hot-fix for 10.7.2 here: https://support.software.dell.com/kb/186841

  • Download and apply hot-fix for 11.3.0 here: https://support.software.dell.com/kb/186843