[Secure-testing-team] Bug#776391: [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
Ondřej Surý
ondrej at debian.org
Tue Jan 27 15:09:38 UTC 2015
Package: libc6
Version: 2.19-13
Severity: grave
Tags: security upstream
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
as this has been made public, let's fix it quickly (it might even be a
critical as this is remote):
From: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
> A heap-based buffer overflow was found in
> __nss_hostname_digits_dots(), which is used by the gethostbyname()
> and gethostbyname2() glibc function call. A remote attacker could
> use this flaw to execute arbitary code with the permissions of the
> user running the application.
Upstream patch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
Public announcement:
http://www.frsag.org/pipermail/frsag/2015-January/005722.html
Cheers,
Ondrej
- -- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (990, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libc6 depends on:
ii libgcc1 1:4.9.1-19
libc6 recommends no packages.
Versions of packages libc6 suggests:
ii debconf [debconf-2.0] 1.5.55
pn glibc-doc <none>
ii locales 2.19-13
ii locales-all [locales] 2.19-13
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJUx6oxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHTUsQAKiKMrTsD8TQApyJ84sUFUuy
Tx0SBQsLlFGGH5Z076/469hU3ydkUl/36Q41lvYs2R/GSVxxh+TzUuBln9LeYlZK
56HYuYIMQMstINLgJONinl0h6mPE7qQN6F+TFcsoNkaKAQW0xFuNon1qTyXKkTgl
XpZJf27HDsy9EMQckEybPGxA7TSpbSelVd7Z44NEklan+RSG17s6hPpj830Qa076
rg7DBG3qhh6RQQkUZx67iS5uTJ6JzTeKjJ1IMdr6sHnwc2MW1WTFU5UpEZq4yqDD
wQ7Ct3wME+3ZKPyXDF1ql3FS5N1/X5v6lAQ/PGHPcKb+5H8zAsaPFOxEg+VegXbI
QXt9jPVRI3VCtD2/1X+ctRXFgll+tEMimtFT99FAbJHv4YdqbJ0KHGSyV+PDs+wq
5BAlBzTNqSkbhqEWDY4tLgtntG9ryCheU9E4JIamo2QZxxDHJ44X+9nwq7c7H5I0
0c8iKCgMXAaIQmtgCcnpnDPpFXbNi978oiRmMJRk/CwXkmeq2UqfJIJnEqieAeru
ZcQpFFTyioxTfYOWj1iIyV9wpZIjKW9UkYpPH5IYZAhjSqAgKlnJsk+DVytQwhCw
IM2pDzr1WeotdnFUMkVQ1h/ZE6IXQyw4k9nf3ITJjqVvuOgygHBTo3rMr1/uKd8W
YB3rV1cN3Um3W6f+8SoB
=g7tZ
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list