Carbon Black Advisory: Response to CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
This document applies to all Carbon Black Enterprise Protection and Carbon Black Enterprise Response products on the Linux platform only. The OSX and Windows platforms are unaffected.
This document answers common questions and is Carbon Black's response to CVE-2015-7547, a stack-based buffer overflow in the glibc getaddrinfo() function that was made public by Red Hat and Google on February 16, 2016.
What Carbon Black products are affected?
The impacted products operate on Linux platforms only:
Cb Protection Agent
Cb Response Sensor
Cb Response Server
Does Carbon Black compile any GNU C (glibc) libraries in any source code?
No. The affected products do not compile in or bundle glibc; they dynamically link to the operating system's copy of the library, so the OS vendor's patched glibc package covers them.
Has Carbon Black Engineering tested the affected products to ensure the glibc patch does not adversely impact their functionality?
Yes. Based on current testing results, product functionality is not impacted. Testing is still ongoing, and this advisory will be updated as new information becomes available.
[Update: 26 Feb, 2016]
All testing of Cb Response Sensors and Cb Protection Agents on Linux platforms with the glibc patch has completed. The results are positive: the patch does not adversely impact product functionality. We continue to encourage all customers using the affected products to apply the glibc patch.
How can I remediate my Linux systems so that I am no longer affected?
We suggest following the operating system vendor's recommendation to patch the glibc package. Because the fix is in a shared library, processes that were already running when the package was updated continue to use the old code until they are restarted; restart the Carbon Black services (or reboot the host) after applying the update.
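As an added illustration (this is not Carbon Black tooling, and the binary path is a placeholder rather than a documented install location), the following POSIX shell script ties the two points above together: it confirms that a binary picks glibc up at load time rather than carrying its own copy, applies the vendor's package update, and then lists the processes that are still mapping the replaced library and therefore need a restart. The /proc/<pid>/maps lines embedded at the bottom are constructed sample data.

```shell
#!/bin/sh
# Added example, not Carbon Black tooling. Assumptions: the host uses
# yum or apt-get, and /opt/example/bin/agent is a placeholder binary path.

# Does this ELF binary pull libc in at load time? A statically linked
# binary would carry its own glibc copy and would need a vendor rebuild
# rather than an OS package update.
links_libc_dynamically() {
    ldd "$1" 2>/dev/null | grep -q 'libc\.so'
}

# Apply the OS vendor's glibc update, which is the only supported fix.
patch_glibc() {
    if command -v yum >/dev/null 2>&1; then
        yum -y update glibc
    elif command -v apt-get >/dev/null 2>&1; then
        apt-get update && apt-get install -y --only-upgrade libc6
    else
        echo "unknown package manager; follow your vendor's advisory" >&2
        return 1
    fi
}

# A process started before the update keeps the old library mapped, and
# the kernel marks such mappings "(deleted)" in /proc/<pid>/maps. Takes
# the maps text as $1 so it can also be run on a saved copy. The pattern
# matches libc.so.6 and libc-2.xx.so but not libcrypto or libcap.
maps_hold_stale_libc() {
    printf '%s\n' "$1" | grep -q '/libc\(-[0-9.]*\)\{0,1\}\.so[^ ]* (deleted)'
}

# PIDs still running on the replaced libc; these processes (the Carbon
# Black services included) must be restarted, or the host rebooted.
stale_libc_pids() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if maps_hold_stale_libc "$(cat "$maps" 2>/dev/null)"; then
            echo "$pid"
        fi
    done
}

# Constructed /proc/<pid>/maps lines for a stand-alone demonstration.
SAMPLE_STALE='7f1e4a000000-7f1e4a1c0000 r-xp 00000000 08:01 393 /lib64/libc-2.17.so (deleted)'
SAMPLE_FRESH='7f1e4a000000-7f1e4a1c0000 r-xp 00000000 08:01 393 /lib64/libc-2.17.so'

if [ "${1:-}" = "demo" ]; then
    maps_hold_stale_libc "$SAMPLE_STALE" && echo "stale sample: restart needed"
    maps_hold_stale_libc "$SAMPLE_FRESH" || echo "fresh sample: nothing to do"
fi
```

Run with the `demo` argument to exercise the parser on the embedded sample lines; on a real host, call `links_libc_dynamically /opt/example/bin/agent`, then `patch_glibc` as root, then `stale_libc_pids` to see what must be restarted. Package version numbers alone do not tell you whether a host is fixed, because distributions backport the fix without changing the upstream version, so rely on the vendor's errata for the fixed package release.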