Univention Bugzilla – Bug 37644
eglibc: Multiple issues (3.2)
Last modified: 2015-03-25 14:04:30 CET
+++ This bug was initially created as a clone of Bug #33271 +++

Incorrect error handling in addmntent helper (CVE-2011-1089)
Incorrect memory handling in processing format strings (CVE-2012-3404)
Incorrect memory management using alloca() (CVE-2012-3405, CVE-2012-3406)
Integer overflows in strto() (CVE-2012-3480)
Stack overflow in strcoll() (CVE-2012-4424)
Integer overflow in strcoll() (CVE-2012-4412)
Denial of service when processing regular expressions with multibyte characters (CVE-2013-0242)
Stack overflow in getaddrinfo() (CVE-2013-1914)
PTR_MANGLE encrypts pointers as a countermeasure against buffer overflows. When linking statically, this mangling doesn't work correctly. The impact on UCS is negligible, since the software shipped in UCS/Debian is dynamically linked (with very few exceptions). (CVE-2013-4788)
Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)
Missing sanitising for path length in readdir_r() (CVE-2013-4237)
Multiple integer overflows in pvalloc(), valloc() and posix_memalign/memalign/aligned_alloc() (CVE-2013-4332)
Stack overflow in getaddrinfo() (CVE-2013-4357)
Stack frame overflow in getaddrinfo() for IPv6 sockets (CVE-2013-4458)
posix_spawn_file_actions_addopen() fails to copy the path argument (CVE-2014-4043)
During high load getaddrinfo() may send DNS queries to random fds (CVE-2013-7423) (only recently assigned)
Memory corruption in getaddrinfo() if the AI_IDN flag is used (CVE-2013-7424) (only recently assigned)
Denial of service by passing overly long input to getaddrinfo, getservbyname* and glob (CVE-2012-6686)
> Incorrect error handling in addmntent helper (CVE-2011-1089)
>
> Incorrect memory handling in processing format strings (CVE-2012-3404)

These two issues turned out to be already fixed in squeeze: They are part of the debian/patches/svn-updates.diff patch in the 2.11.3-1 upload.
Denial of service in nss_files (CVE-2014-8121)
(In reply to Moritz Muehlenhoff from comment #3)
> Denial of service by passing overly long input to getaddrinfo,
> getservbyname* and glob (CVE-2012-6686)

This was rejected since it turned out to be a non-issue.
The scanf() implementation crashes on some inputs (CVE-2011-5320) (ID only assigned yesterday)
No backport or upstream fix exists for three issues; they have been moved to Bug 38115
Update has been built, tests were successful. YAML file: 2015-03-23-eglibc.yaml
Tests: OK
Advisory: OK
<http://errata.univention.de/ucs/3.2/309.html>