We were notified today about a vulnerability with the glibc library in linux that exposes the server to remote take-over via DNS.
Luckily, Mitel has already released a patch for MSL 10. I've included the information below for those with access to MOL.
------------------------------------------------------------------------------------------------------------------------------------
A patch for MSL to update the affected library is also available through Mitel Online. Refer to Article # 16-5162-00014 (In KB).
Here is the link:
http://domino1.mitel.com/prodsupp/prodsupkb.nsf/byauthor/D5B5474FBA295CB085257F690052E942?opendocumentArticle ID #
16-5162-00014 Article Type Technical Bulletin
Article Title
Remediation for MSL Updating Glibc Packages - CVE-2015-7547 Publish Date Mar-3-2016
Body/Solutions
CVE-2015-7547 raised the need to update the Glibc packages in MSL.
This script supports patching of 32-bit and 64-bit MSL 10.x releases.
MSL releases 8.x and 9.x are unaffected by the vulnerability.
This patch requires a maintenance window to perform a reboot to ensure affected services using glibc are restarted. The script will prompt you to reboot upon successful completion