Se você estiver usando uma distribuição razoavelmente bem suportada, não precisará do patch original em si. A maioria das distribuições teria atualizado a libc até agora e a transferido para seus repositórios, e tudo o que você precisa fazer é usar o gerenciador de pacotes para atualizar a libc. (Se eles não o fizeram até agora, considere seriamente mudar as distribuições.) E esse é realmente o caso do Amazon Linux. De seus boletins de segurança :
[C]ustomers using Amazon EC2 who’ve modified their configurations to use non-AWS DNS infrastructure should update their Linux environments immediately following directions provided by their Linux distribution. EC2 customers using the AWS DNS infrastructure are unaffected and don’t need to take any action.
For Amazon EC2 customers using Amazon Linux and who’ve modified their configuration to use non-AWS DNS infrastructure:
A fix for CVE-2015-7547 has been pushed to the Amazon Linux AMI repositories, with a severity rating of Critical. Instances launched with the default Amazon Linux configuration on or after 2016/02/16 will automatically include the required fix for this CVE.
O patch, se você quiser ver, é a parte que começa com diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
no email:
CVE-2015-7547
2016-02-15 Carlos O'Donell
[BZ #18665]
* resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Always set
*herrno_p.
(gaih_getanswer): Document functional behviour. Return tryagain
if any result is tryagain.
* resolv/res_query.c (__libc_res_nsearch): Set buffer size to zero
when freed.
* resolv/res_send.c: Add copyright text.
(__libc_res_nsend): Document that MAXPACKET is expected.
(send_vc): Document. Remove buffer reuse.
(send_dg): Document. Remove buffer reuse. Set *thisanssizp to set the
size of the buffer. Add Dprint for truncated UDP buffer.
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index a255d5e..47cfe27 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname,
int h_namelen = 0;
if (ancount == 0)
- return NSS_STATUS_NOTFOUND;
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
...