Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 552692 (CVE-2014-8121) - <sys-libs/glibc-2.21-r2: file pointer reset with NSS (CVE-2014-8121)
Summary: <sys-libs/glibc-2.21-r2: file pointer reset with NSS (CVE-2014-8121)
Status: RESOLVED FIXED
Alias: CVE-2014-8121
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa]
Keywords:
Depends on: CVE-2015-7547
Blocks:
  Show dependency tree
 
Reported: 2015-06-21 00:23 UTC by GLSAMaker/CVETool Bot
Modified: 2016-02-17 15:39 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-21 00:23:41 UTC
CVE-2014-8121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121):
  DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C
  Library (aka glibc or libc6) 2.21 and earlier does not properly check if a
  file is open, which allows remote attackers to cause a denial of service
  (infinite loop) by performing a look-up while the database is iterated over
  the database, which triggers the file pointer to be reset.
Comment 1 SpanKY gentoo-dev 2015-07-21 03:13:16 UTC
this is fixed in glibc-2.22, but i don't plan on trying to backport it as it touches a few more files/logic than i'm comfortable with backporting
Comment 2 SpanKY gentoo-dev 2016-02-16 19:05:53 UTC
i've included this in glibc-2.21-r2 now; stabilization is via bug 574880
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-02-17 15:39:08 UTC
This issue was resolved and addressed in
 GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02
by GLSA coordinator Tobias Heinlein (keytoaster).