Univention Bugzilla – Full Text Bug Listing

Summary: | eglibc: Multiple issues (3.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P4 | CC: | botner, gohmann, walkenhorst |
Version: | UCS 3.2 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 3.2-8-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://github.com/fjserna/CVE-2015-7547 | ||
Ticket number: | | Bug group (optional): | Security |
Description
Arvid Requate
2016-02-16 17:58:02 CET
Upstream Debian package version 2.11.3-4+deb6u11 fixes the following issues:

* getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services (CVE-2015-7547)
* Denial of service due to memory leak while processing certain DNS answers in getaddrinfo, related to the _nss_dns_gethostbyname4_r function (No CVE yet)

The upstream package has been imported and built without any additional patches.

Advisory: eglibc.yaml

reproducible with 2.11.3-4.24.201508171457 (CVE-2015-7547-client)

OK - CVE-2015-7547-client OK with 2.11.3-4.32.201602161815, amd64/i386
OK - ucs-test (standard tests), amd64/i386
OK - YAML