[security-announce] glibc: CVE-2015-7547: Security advisory **Critical**

Sona Sarmadi sona.sarmadi at enea.com
Thu Feb 25 11:49:52 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Forthcoming security update glibc: CVE-2015-7547
=================================================

glibc getaddrinfo() stack-based buffer overflow

A stack-based buffer overflow was found in the way the libresolv
library performed dual A/AAAA DNS queries. A remote attacker could
create a specially crafted DNS response which could cause libresolv to
crash or, potentially, execute code with the permissions of the user
running the library. Note: this issue is only exposed when libresolv
is called from the nss_dns NSS service module.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
https://sourceware.org/bugzilla/show_bug.cgi?id=18665
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html
https://bugzilla.redhat.com/show_bug.cgi?id=1293532

A patch will soon be available at git.enea.com. All affected customers
will be informed via the Enea support team.

If you have any questions regarding the security patches and security
updates, please contact the Enea Security Team, security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
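
Added example, not part of the Enea advisory: the advisory notes that the issue is only exposed when libresolv is called from the nss_dns NSS service module, so one triage step is to check whether the "hosts" database in /etc/nsswitch.conf lists the "dns" service. The function names and the sample file contents below are constructed for illustration.

```python
import re
import sys

# Constructed sample files (not taken from any real host).
SAMPLE_EXPOSED = """\
# /etc/nsswitch.conf (constructed sample)
passwd: files
hosts:  files mdns4_minimal [NOTFOUND=return] dns  # resolver last
"""
SAMPLE_NOT_EXPOSED = """\
passwd: files
hosts: files
"""

def hosts_services(nsswitch_text):
    """Return the NSS service names configured for 'hosts', or None if absent.

    If several 'hosts' lines exist, their services are combined so the
    check errs on the side of reporting exposure.
    """
    services = None
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        database, _, spec = line.partition(":")
        if database.strip() != "hosts":
            continue
        spec = re.sub(r"\[[^\]]*\]", " ", spec)      # drop [STATUS=action] items
        services = (services or []) + spec.split()
    return services

def uses_nss_dns(nsswitch_text):
    """True/False if a 'hosts' entry exists; None if it must be checked by hand."""
    services = hosts_services(nsswitch_text)
    if services is None:
        return None      # no 'hosts' entry: the built-in default is not modelled here
    return "dns" in services   # only the exact 'dns' token selects nss_dns

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/nsswitch.conf"
    with open(path) as fh:
        result = uses_nss_dns(fh.read())
    print({True: "hosts lookups use nss_dns: exposed code path is reachable",
           False: "hosts lookups do not use nss_dns",
           None: "no hosts entry found: verify manually"}[result])
```

A negative result only covers name lookups routed through NSS on that host; the glibc update is still required once the patch is available.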


