Bug 37643
| Summary: | eglibc: Multiple issues (4.0) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Janek Walkenhorst <walkenhorst> |
| Component: | Security updates | Assignee: | Stefan Gohmann <gohmann> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | ||
| Priority: | P3 | CC: | gohmann, jmm, requate, walkenhorst |
| Version: | UCS 4.0 | Flags: | requate:
Patch_Available+
|
| Target Milestone: | UCS 4.0-3-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=40059 | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
|
Description
Janek Walkenhorst
During high load getaddrinfo() may send DNS queries to random fds (CVE-2013-7423) (only recently assigned) Buffer overflow in swscanf() (CVE-2015-1472/CVE-2015-1473) (UCS 3.x is not affected, the patch which introduced this was never added to squeeze) Memory corruption in getaddrinfo() if the AI_IDN flag is used (CVE-2013-7424) (only recently assigned) Denial of service by passing overly long input to getaddrinfo, getservbyname* and glob (CVE-2012-6686) Denial of service in nss_files (CVE-2014-8121) The scanf() implementation crashes on some inputs (CVE-2011-5320) (ID only assigned yesterday) The majority of issues here is fixed in upstream Debian package version 2.13-38+deb7u8 CVE-2012-6686 in Comment 3 is invalid, probably should have been CVE-2013-4357 Still unfixed because classified as "Minor issue" by Debian: * Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207) * Denial of service in nss_files (CVE-2014-8121) CVE-2011-5320 is still unfixed because "The issue was present since the dawn of times" (or whatever), patch available upstream but might be too intrusive. The open issues have been copied to Bug 38407, so this one may get fixed ASAP. These have been fixed: - CVE-2015-1472 - CVE-2015-1473 - CVE-2012-3406 - CVE-2014-4043 - CVE-2014-9402 - CVE-2013-7424 These have been moved to Bug #38407: - CVE-2013-2207 - CVE-2014-8121 - CVE-2011-5320 These have already been fixed earlier: - CVE-2012-3405 - CVE-2013-7423 - CVE-2013-4357 → YAML: 2015-08-28-eglibc.yaml OK: announce-errata -V 2015-08-28-eglibc.yaml OK: 2015-08-28-eglibc.yaml OK: aptitude -y install '?source-package(^eglibc$)~i' OK: aptitude install '?source-package(^eglibc$)?not(?name(udeb))' OK: amd64 i386 OK: zless /usr/share/doc/libc6/changelog.Debian.gz (2.13-38+deb7u7..2.13-38+deb7u8] OK: CVE-2015-1472 OK: CVE-2015-1473 <https://sourceware.org/bugzilla/show_bug.cgi?id=16618> OK: CVE-2012-3406 bug23-?.c OK: CVE-2014-4043 <https://bugzilla.redhat.com/show_bug.cgi?id=1109263> OK: CVE-2014-9402 <https://sourceware.org/bugzilla/show_bug.cgi?id=17630#c10> OK: CVE-2013-7424 ping6 தளம்.பாராளுமன்றம்.இலங்கை. OK: CVE-2012-3405 OK: CVE-2013-7423 apt-get install -y gcc && wget -O bug.c https://sourceware.org/bugzilla/attachment.cgi?id=8161 && gcc -o bug bug.c -lpthread && ./bug OK: CVE-2013-4357 OK: Bug #38407 |