Bug 40676

Summary: eglibc: Multiple issues (3.2)
Product: UCS
Reporter: Arvid Requate <requate>
Component: Security updates
Assignee: Arvid Requate <requate>
Status: CLOSED FIXED
QA Contact: Felix Botner <botner>
Severity: normal
Priority: P4
CC: botner, gohmann, walkenhorst
Version: UCS 3.2
Flags: requate: Patch_Available+
Target Milestone: UCS 3.2-8-errata
Hardware: Other
OS: Linux
URL: https://github.com/fjserna/CVE-2015-7547
Bug group (optional): Security

Description Arvid Requate univentionstaff 2016-02-16 17:58:02 CET
Upstream Debian package version 2.11.3-4+deb6u7 fixes the following issue:

* Denial of service in nss_files (CVE-2014-8121)


Upstream Debian package version 2.11.3-4+deb6u10 fixes the following issues:

* nan function unbounded stack allocation (CVE-2014-9761)

* If an invalid separated time value is passed to strftime, the strftime function could crash or leak information. No affected applications are known (CVE-2015-8776)

* The rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments.  No impacted applications are known at this time (CVE-2015-8778)

* The catopen function contains several unbound stack allocations (stack overflows), causing it to crash the process (denial of service). No applications where this issue has a security impact are currently known (CVE-2015-8779)

Comment 1 Arvid Requate univentionstaff 2016-02-16 18:07:21 CET
Upstream Debian package version 2.11.3-4+deb6u11 fixes the following issues:

* getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services (CVE-2015-7547)

* Denial of service due to memory leak while processing certain DNS answers in getaddrinfo, related to the _nss_dns_gethostbyname4_r function (No CVE yet)

Comment 2 Arvid Requate univentionstaff 2016-02-16 20:27:03 CET
The upstream package has been imported and built without any additional patches.
Advisory: eglibc.yaml

Comment 3 Felix Botner univentionstaff 2016-02-17 17:29:27 CET
reproducible with 2.11.3-4.24.201508171457 (CVE-2015-7547-client)

OK - CVE-2015-7547-client OK with 2.11.3-4.32.201602161815, amd64/i386
OK - ucs-test (standard tests), amd64/i386

OK - YAML

Comment 4 Arvid Requate univentionstaff 2016-02-17 18:53:45 CET
<http://errata.software-univention.de/ucs/3.2/398.html>