[security-announce] eglibc: Security update

Sona Sarmadi sona.sarmadi at enea.com
Sun Feb 22 09:01:19 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: eglibc
Severity: Low
Issue date: 2015-02-22
CVE Names: CVE-2014-9402
Layer: meta
=========================================================
This security patch fixes a denial of service in getnetbyname function.

README file: 0044-eglibc-CVE-2014-9402.README
Patch file:  0044-eglibc-CVE-2014-9402.patch

Description
===========
getnetbyname function in eglibc 2.21 and earlier will
enter an infinite loop if the DNS backend is activated
in the system Name Service Switch configuration, and the
DNS resolver receives a positive answer while processing
the networkname.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402
https://sourceware.org/bugzilla/show_bug.cgi?id=17630

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
wget http://linux.enea.com/4.0/patches/0044-eglibc-CVE-2014-9402.patch
patch -p1 < ./0044-eglibc-CVE-2014-9402.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU6YzPAAoJEHc+9u9ocWoUvzEP/2aLAj3GqXinSQW+QAue9WFS
pc+7EBV0DdvMvylPu0DIR7iomYFR0WaxJBFeOmrd0qNCf42QAoe8Si/NoUc6tuRE
QflYZESNBXYXRUPptk1cqtYScI1/SwJDMAHMXyRGSSlggvgHDveyGKP0UlvjzMWi
6byRqysdH528Fja5Koo+zehYL0v6tKNVl46Tq4xxiMPczb1Th6WroCuwEEnBcwf+
kqe7Krx12lAB/0mnO+FQh+/2MSYh5X9JudWLzHU7kwCTDxZlIxTgJ5YAhPwX/E3i
BEpdeMpQRqUCYcm3WXTnHAerC8XAIVQaxL9eWacwtkNJLgwtwhM2PpcOXORSjjKY
egtPTGmHJWs/bEOE+L8NbYPlE4UsH9mADm3X8ic2HsXlGA4SGVbNk+gec/g6nzXq
nLlBppQ025Y7IGLYdWg+zhCze0+yZ7A3dcycNnm0Z9juUiDwUkMoQFYFmmc+EOPg
hTxe3jBQzmuoBqkGq3g11tcSPEInPAOqytKofJVzAIbX1cvgMwjF2ZnL8wjS3Ail
pvgkw4S8pYL3M9sYlIgovrBNvV0kGg4P3ljlDaM/1qfAZqB3Iej38zna07eZQ1Xw
UmXIR4KP+Lo0RGABRcyxG9r2YVE9Wfza6CPOlXq+4Sv5pYI4yNCz5f7rb1FXZWCE
TjqKShSvYGJzPJwoigB+
=wBPV
-----END PGP SIGNATURE-----



More information about the security-announce mailing list