[security-announce] glibc: CVE-2015-8779: Security Update

Sona Sarmadi sona.sarmadi at enea.com
Thu Feb 4 07:57:25 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: glibc 2.20
Severity: Medium
CVE Name: CVE-2015-8779
Layer: poky
=========================================================

This security update fixes unbounded stack allocation in catopen functio
n.

Description:
A stack overflow vulnerability in the catopen function was found,
causing applications which pass long strings to the catopen function
to crash or, potentially execute arbitrary code.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8779
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=17905
CVE assignment: http://seclists.org/oss-sec/2016/q1/153

Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=
0f58539030e436449f79189b6edab17d7479796e

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/poky.git/patch/?id=5bebd3abb85fec2af8d490
45f696d73ec6a169c5

How to get the latest patches
=============================
- - If you have already cloned meta-enea, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

- - If you have not yet cloned needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWsvZVAAoJEAilI68fskZdFjcH/3CWgKUUBRhVyIDtw9WEtWDG
WLG2XiKxACklA+n+XoiNb2Oj1zB/4fskTRsMS2m9qPGp4vORB8UoMsXHgm1XaZRk
o+P/ik2iMtMegf2+vxHnr8qZEWoRNz/xMRVjF6CaXJ71Gv6FdeiRWDSC7Mnww7c0
u3IvCh5TTpHJttG+4Jbr6GBqFOp2fEUJktndHdKZthcLaZB+uQbQHrB5bI2liA0B
yeh47Mm24Bo1UaM5HfttTYP7udeFD1FUlu5q/RTvAkYa7uRntmMnIWVaDG1KXx8O
uD6dlOKoxJ+OeNRR6g4kz6Py9kAVwBevdqckCpBeLGy+jNfV/MFdxNInMQ9WG3M=
=EzSE
-----END PGP SIGNATURE-----



More information about the security-announce mailing list