[security-announce] eglibc: CVE-2015-7547: Security Update

Sona Sarmadi sona.sarmadi at enea.com
Tue Mar 1 13:46:26 CET 2016

	Enea Linux Security Advisory

Product/package: Enea Linux 4.0 /eglibc 2.19
Severity: High
CVE Name: CVE-2015-7547
Layer: meta

This security update fixes a stack-based buffer overflow in getaddrinfo.

Multiple stack-based buffer overflows in the (1) send_dg and (2)
send_vc functions in the libresolv library in the GNU C Library (aka
glibc or libc6) before 2.23 allow remote attackers to cause a denial
of service (crash) or possibly execute arbitrary code via a crafted
DNS response that triggers a call to the getaddrinfo function with the
AF_UNSPEC or AF_INET6 address family, related to performing "dual
A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.


Upstream patch:

Correction for Enea Linux 4.0:

How to get the latest patches
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-4.0/poky
git pull

- If you have not yet cloned needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-4.0
git -C Enea-Linux-4.0 clone -b daisy git://git.enea.com/linux/poky.git
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-ti.git
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-selftest.git
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-eca.git
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-intel.git
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b daisy git://git.enea.com/linux/meta-xilinx.git

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160301/dc46b0e8/attachment-0002.sig>

More information about the security-announce mailing list