A new vulnerability covered in advisory CVE-2015-7547 identifies a stack-based buffer overflow security weakness in the GNU C Library (commonly known as glibc). The vulnerability could allow potential exploitation such as denial of service or remote code execution.
After a thorough investigation into all ZyXEL products, ZyXEL has identified the affected products, as listed in the table below, and assures customers the solutions are already available or in preparation to close the vulnerability.
A hotfix is now available for several products through ZyXEL Support. The patch will also be included in the next firmware releases for the affected products, available for download at the ZyXEL Support Center. The table below includes the solution and firmware release schedule for the affected products.
|Datecode available on Feb. 24.
Patch in firmware ZLD4.15P1, available on Mar. 3.
|Datecode available on Mar. 11. (Please contact your local ZyXEL customer service directly.)|
Datecode available on Feb. 25
Datecode available on Feb. 26
Patch in firmware 4.30, available in July
Patch in firmware V5.11P2, available on Mar. 8
Patch in firmware V5.11P3, available on Mar. 8
Patch in firmware V1.00(ABBC.3)C0, available on Mar. 24
Please contact your local service or sales representatives if you require any further assistance.