Bug 38115 – eglibc: Multiple issues (3.2)

Bug 38115 - eglibc: Multiple issues (3.2)


Summary:	eglibc: Multiple issues (3.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 3.2
Hardware:	Other Linux

Importance:	P4 normal (vote)
Target Milestone:	UCS 3.2-6-errata
Assigned To:	Arvid Requate
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-03-23 14:06 CET by Moritz Muehlenhoff
Modified:	2015-08-21 13:12 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Moritz Muehlenhoff

2015-03-23 14:06:33 CET

These issues are still open after the release of Bug 37644:

Denial of service in nss_files (CVE-2014-8121)
The scanf() implementation crashes on some inputs (CVE-2011-5320) (ID only recently assigned)
Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)

Comment 1 Arvid Requate

2015-04-30 17:37:49 CEST

Crafted DNS responses might cause application crashes or result in arbitrary code execution due to buffer overflow in nss_dns code used in gethostbyname_r and related functions (CVE-2015-3408)

Comment 2 Arvid Requate

2015-05-06 17:46:56 CEST

These have been classified as "Minor issue" by Debian:

* Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)
* Denial of service in nss_files (CVE-2014-8121)

Comment 3 Arvid Requate

2015-05-27 19:35:42 CEST

* buffer overflow in gethostbyname_r and related functions (CVE-2015-1781)

Comment 4 Arvid Requate

2015-05-27 20:28:28 CEST

CVE-2015-3408 from comment 1 is incorrect, instead CVE-2015-1781 is correct and fixed in upstream Debian package version 2.11.3-4+deb6u6.

According to the security tracker CVE-2011-5320 has been fixed in 2.11.3-4+deb6u5 already.

Comment 5 Arvid Requate

2015-08-18 13:16:35 CEST

Advisory: 2015-08-18-eglibc.yaml

Comment 6 Philipp Hahn

2015-08-19 13:22:21 CEST

OK: DEBIAN_FRONTEND=noninteractive aptitude install -y '?source-package(eglibc)~i'
OK: DEBIAN_FRONTEND=noninteractive aptitude install -y '?source-package(eglibc)?not(?name(udeb))'
OK: amd64 i386
OK: zless /usr/share/doc/libc6/changelog.Debian.gz # 2.11.3-4+deb6u6

OK: #comment 0 CVE-2014-8121 minor
OK: #comment 0 CVE-2011-5320 debian/patches/any/cvs-vfscanf.diff (Bug #37644 comment 7)
OK: #comment 0 CVE-2013-2207 minor: UCS-3.2 uses devpts by default
OK: #comment 1 + #comment 4 CVE-2015-1781 FIXED

OK: 2015-08-18-eglibc.yaml
OK: errata-announce -V 2015-08-18-eglibc.yaml

Comment 7 Janek Walkenhorst

2015-08-21 13:12:16 CEST

<http://errata.univention.de/ucs/3.2/353.html>