Bug 38407 - eglibc: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
Importance: P4 normal
Target Milestone: UCS 4.0-4-errata
Assigned To: Arvid Requate
QA Contact: Felix Botner
URL: https://github.com/fjserna/CVE-2015-7547
Depends on: 40022
Reported: 2015-04-30 17:38 CEST by Arvid Requate
Modified: 2016-02-17 18:53 CET (History)

Bug group (optional): Security
requate: Patch_Available+
Description Arvid Requate univentionstaff 2015-04-30 17:38:25 CEST
Crafted DNS responses might cause application crashes or result in arbitrary code execution due to buffer overflow in nss_dns code used in gethostbyname_r and related functions (CVE-2015-3408)
Comment 1 Arvid Requate univentionstaff 2015-05-06 17:44:30 CEST
Still unfixed because classified as "Minor issue" by Debian:

* Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)
* Denial of service in nss_files (CVE-2014-8121)

CVE-2011-5320 is still unfixed because "The issue was present since the dawn of times" (or whatever), patch available upstream but might be too intrusive.
Comment 2 Arvid Requate univentionstaff 2015-05-27 19:35:05 CEST
* buffer overflow in gethostbyname_r and related functions (CVE-2015-1781)
Comment 3 Arvid Requate univentionstaff 2015-10-21 17:40:17 CEST
CVE-2015-3408 above is invalid
Comment 4 Arvid Requate univentionstaff 2016-02-16 17:38:43 CET
Upstream Debian package version 2.13-38+deb7u10 fixes these issues:

* Denial of service in nss_files (CVE-2014-8121)

* buffer overflow in gethostbyname_r and related functions (CVE-2015-1781)

* getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services (CVE-2015-7547)

* If an invalid separated time value is passed to strftime, the strftime function could crash or leak information. No affected applications are known (CVE-2015-8776)

* LD_POINTER_GUARD not ignored for SUID programs, enabling an unintended bypass of a security feature (CVE-2015-8777)

* The rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments. No impacted applications are known at this time (CVE-2015-8778)

* The catopen function contains several unbound stack allocations (stack overflows), causing it to crash the process (denial of service). No applications where this issue has a security impact are currently known (CVE-2015-8779)
Comment 5 Arvid Requate univentionstaff 2016-02-16 20:25:30 CET
The upstream package has been imported and built without any additional patches.
Advisory: eglibc.yaml
Comment 6 Felix Botner univentionstaff 2016-02-17 16:47:47 CET
reproducible with 2.13-38.25.2015082816 (CVE-2015-7547-client)

OK - CVE-2015-7547-client OK with 2.13-38.28.2016021618
OK - ucs-test

OK - eglibc.yaml
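As an added example, not code from this bug or from Univention: a Python port of dpkg's version ordering that tells whether an installed eglibc package is at or above the UCS build that passed QA above (2.13-38.28.2016021618). The function names and the UCS_FIXED constant are this example's own; the comments note why the Debian version string from comment 4 is the wrong threshold for UCS builds.

```python
import re
from itertools import zip_longest

_RUNS = re.compile(r"(\D*)(\d*)")  # alternating non-digit / digit runs

def _order(c: str) -> int:
    # dpkg order(): digit or end of string 0, letter its code point,
    # '~' -1 (sorts below even end of string), other symbol code point + 256.
    if not c or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return -1 if c == "~" else ord(c) + 256

def _verrevcmp(a: str, b: str) -> int:
    # Equivalent of dpkg verrevcmp(): compare run by run, non-digit runs
    # character by character via _order(), digit runs numerically.
    runs = zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", ""))
    for (sa, na), (sb, nb) in runs:
        for x, y in zip_longest(sa, sb, fillvalue=""):
            if _order(x) != _order(y):
                return _order(x) - _order(y)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(version: str):
    # [epoch:]upstream[-revision]; the last '-' starts the Debian revision.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), revision

def compare_versions(a: str, b: str) -> int:
    # -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`.
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    r = (ea > eb) - (ea < eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)

# Fixed build from QA in comment 6. Note that UCS revisions ("38.NN.<date>")
# sort ABOVE Debian's "38+deb7u10" because '.' outranks '+', so the Debian
# version string from comment 4 must not be used as the threshold here.
UCS_FIXED = "2.13-38.28.2016021618"

def is_fixed(installed: str, fixed: str = UCS_FIXED) -> bool:
    return compare_versions(installed, fixed) >= 0
```

The installed version can be taken from `dpkg-query -W -f '${Version}' libc6` and passed to `is_fixed`.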
Comment 7 Arvid Requate univentionstaff 2016-02-17 18:53:41 CET
<http://errata.software-univention.de/ucs/4.0/400.html>