Bug 37643 - eglibc: Multiple issues (4.0)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P3 normal
: UCS 4.0-3-errata
Assigned To: Stefan Gohmann
Philipp Hahn
Reported: 2015-01-28 17:08 CET by Janek Walkenhorst
Modified: 2017-10-26 13:54 CEST
requate: Patch_Available+


Description Janek Walkenhorst univentionstaff 2015-01-28 17:08:36 CET
+++ This bug was initially created as a clone of Bug #37047 +++

Incorrect memory management using alloca() (CVE-2012-3405, CVE-2012-3406)
Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)
posix_spawn_file_actions_addopen() fails to copy the path argument (CVE-2014-4043)
Denial of service through infinite loop in getnetbyname() (CVE-2014-9402)
Comment 1 Moritz Muehlenhoff univentionstaff 2015-02-06 09:05:53 CET
During high load getaddrinfo() may send DNS queries to random fds (CVE-2013-7423) (only recently assigned)

Buffer overflow in swscanf() (CVE-2015-1472/CVE-2015-1473) (UCS 3.x is not affected, the patch which introduced this was never added to squeeze)
Comment 2 Moritz Muehlenhoff univentionstaff 2015-02-06 10:24:55 CET
Memory corruption in getaddrinfo() if the AI_IDN flag is used (CVE-2013-7424) (only recently assigned)
Comment 3 Moritz Muehlenhoff univentionstaff 2015-02-10 07:43:47 CET
Denial of service by passing overly long input to getaddrinfo, getservbyname* and glob (CVE-2012-6686)
Comment 4 Moritz Muehlenhoff univentionstaff 2015-03-06 13:44:57 CET
Denial of service in nss_files (CVE-2014-8121)
Comment 5 Moritz Muehlenhoff univentionstaff 2015-03-13 14:24:15 CET
The scanf() implementation crashes on some inputs (CVE-2011-5320) (ID only assigned yesterday)
Comment 6 Arvid Requate univentionstaff 2015-05-06 17:41:29 CEST
The majority of issues here is fixed in upstream Debian package version 2.13-38+deb7u8

CVE-2012-6686 in Comment 3 is invalid, probably should have been CVE-2013-4357

Still unfixed because classified as "Minor issue" by Debian:

* Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)
* Denial of service in nss_files (CVE-2014-8121)

CVE-2011-5320 is still unfixed because "The issue was present since the dawn of times" (or whatever), patch available upstream but might be too intrusive.
Comment 7 Arvid Requate univentionstaff 2015-05-06 17:44:05 CEST
The open issues have been copied to Bug 38407, so this one may get fixed ASAP.
Comment 8 Stefan Gohmann univentionstaff 2015-08-28 16:58:15 CEST
These have been fixed:
 - CVE-2015-1472
 - CVE-2015-1473
 - CVE-2012-3406
 - CVE-2014-4043
 - CVE-2014-9402
 - CVE-2013-7424

These have been moved to Bug #38407:
 - CVE-2013-2207
 - CVE-2014-8121
 - CVE-2011-5320

These have already been fixed earlier:
 - CVE-2012-3405
 - CVE-2013-7423
 - CVE-2013-4357

→ YAML: 2015-08-28-eglibc.yaml
Comment 9 Philipp Hahn univentionstaff 2015-09-01 12:52:05 CEST
OK: announce-errata -V 2015-08-28-eglibc.yaml
OK: 2015-08-28-eglibc.yaml

OK: aptitude -y install '?source-package(^eglibc$)~i'
OK: aptitude install '?source-package(^eglibc$)?not(?name(udeb))'
OK: amd64 i386
OK: zless /usr/share/doc/libc6/changelog.Debian.gz (2.13-38+deb7u7..2.13-38+deb7u8]

OK: CVE-2015-1472
OK: CVE-2015-1473 <https://sourceware.org/bugzilla/show_bug.cgi?id=16618>
OK: CVE-2012-3406 bug23-?.c
OK: CVE-2014-4043 <https://bugzilla.redhat.com/show_bug.cgi?id=1109263>
OK: CVE-2014-9402 <https://sourceware.org/bugzilla/show_bug.cgi?id=17630#c10>
OK: CVE-2013-7424 ping6 தளம்.பாராளுமன்றம்.இலங்கை.

OK: CVE-2012-3405
OK: CVE-2013-7423
  apt-get install -y gcc && wget -O bug.c https://sourceware.org/bugzilla/attachment.cgi?id=8161 && gcc -o bug bug.c -lpthread && ./bug
OK: CVE-2013-4357

OK: Bug #38407
Comment 10 Janek Walkenhorst univentionstaff 2015-09-02 12:57:25 CEST