Bug 38115 - eglibc: Multiple issues (3.2)
eglibc: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P4 normal (vote)
: UCS 3.2-6-errata
Assigned To: Arvid Requate
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-03-23 14:06 CET by Moritz Muehlenhoff
Modified: 2015-08-21 13:12 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2015-03-23 14:06:33 CET
These issues are still open after the release of Bug 37644:

Denial of service in nss_files (CVE-2014-8121)
The scanf() implementation crashes on some inputs (CVE-2011-5320) (ID only recently assigned)
Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)
Comment 1 Arvid Requate univentionstaff 2015-04-30 17:37:49 CEST
Crafted DNS responses might cause application crashes or result in arbitrary code execution due to buffer overflow in nss_dns code used in gethostbyname_r and related functions (CVE-2015-3408)
Comment 2 Arvid Requate univentionstaff 2015-05-06 17:46:56 CEST
These have been classified as "Minor issue" by Debian:

* Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)
* Denial of service in nss_files (CVE-2014-8121)
Comment 3 Arvid Requate univentionstaff 2015-05-27 19:35:42 CEST
* buffer overflow in gethostbyname_r and related functions (CVE-2015-1781)
Comment 4 Arvid Requate univentionstaff 2015-05-27 20:28:28 CEST
CVE-2015-3408 from comment 1 is incorrect, instead CVE-2015-1781 is correct and fixed in upstream Debian package version 2.11.3-4+deb6u6.

According to the security tracker CVE-2011-5320 has been fixed in 2.11.3-4+deb6u5 already.
Comment 5 Arvid Requate univentionstaff 2015-08-18 13:16:35 CEST
Advisory: 2015-08-18-eglibc.yaml
Comment 6 Philipp Hahn univentionstaff 2015-08-19 13:22:21 CEST
OK: DEBIAN_FRONTEND=noninteractive aptitude install -y '?source-package(eglibc)~i'
OK: DEBIAN_FRONTEND=noninteractive aptitude install -y '?source-package(eglibc)?not(?name(udeb))'
OK: amd64 i386
OK: zless /usr/share/doc/libc6/changelog.Debian.gz # 2.11.3-4+deb6u6

OK: #comment 0 CVE-2014-8121 minor
OK: #comment 0 CVE-2011-5320 debian/patches/any/cvs-vfscanf.diff (Bug #37644 comment 7)
OK: #comment 0 CVE-2013-2207 minor: UCS-3.2 uses devpts by default
OK: #comment 1 + #comment 4 CVE-2015-1781 FIXED

OK: 2015-08-18-eglibc.yaml
OK: errata-announce -V 2015-08-18-eglibc.yaml
Comment 7 Janek Walkenhorst univentionstaff 2015-08-21 13:12:16 CEST
<http://errata.univention.de/ucs/3.2/353.html>