[security-announce] glibc: CVE-2015-7547: Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Feb 26 14:27:11 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: glibc 2.20
Severity: High
CVE Name: CVE-2015-7547
Layer: poky
=========================================================

This security update fixes a stack-based buffer overflow in getaddrinfo.

Description:
Multiple stack-based buffer overflows in the (1) send_dg and (2)
send_vc functions in the libresolv library in the GNU C Library (aka
glibc or libc6) before 2.23 allow remote attackers to cause a denial
of service (crash) or possibly execute arbitrary code via a crafted
DNS response that triggers a call to the getaddrinfo function with the
AF_UNSPEC or AF_INET6 address family, related to performing "dual
A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
https://sourceware.org/bugzilla/show_bug.cgi?id=18665
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html

Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff_plain;h=1
6d0a0ce7613552301786bf05d7eba8784b5732c;hp=014eaa22077fd4759083b1a4619de
d513a181f92

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/poky.git/patch/?id=b313001a4762cce6eca3d5
7fcd7f4c0f59d5d4e0

How to get the latest patches
=============================
- - If you have already cloned meta-enea, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

- - If you have not yet cloned needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJW0FKuAAoJEAilI68fskZd5ooH/3xP+G5R8n/Si765rrCfymd2
VL5OHshrVamSm2EjOnCteV4/Ye69D1t9LOSRS2yI1CGwioy5zidLvC56E30dmLBp
mI1auARROhFaxyEljZYPV6f4oOLZ+cLcgLuok4mmM4yEaNY4tMylhm58BSrdHTMe
nXRImcBbnUvx0s2KLsJP8uQLlRnB8Gw5yV0IKoH0Api3jWZhMp0cSM8J2mfpEXIl
xC4R/JEpUdXlaVkqe9Oav83sfeLwfLKzum+s5tCyON+IgzoeFgSPR5aMrHkn4CK4
6gbl71zA86aa6qah6w7ZyPxay4RFJhgdPnUtO6w5eSHMuLuLjjCgdAOiHbixaH8=
=mqUe
-----END PGP SIGNATURE-----



More information about the security-announce mailing list