Summary: | <sys-libs/glibc-2.15-r2 : EMFILE Error Handling Two Denial of Service Vulnerabilities (CVE-2011-4609) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | whissi |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=767299 | ||
Whiteboard: | A3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-01-16 15:43:41 UTC
Hi,

this bug was fixed on 28th Nov 2012 by upstream. See

http://sourceware.org/bugzilla/show_bug.cgi?id=14889

Patch:

http://sourceware.org/git/?p=glibc.git;a=commit;h=14bc93a967e62abf8cf2704725b6f76619399f83

(In reply to comment #1)
> Hi,
>
> this bug was fixed on 28th Nov 2012 by upstream. See
>
> http://sourceware.org/bugzilla/show_bug.cgi?id=14889
>
> Patch:
>
> http://sourceware.org/git/?p=glibc.git;a=commit;h=14bc93a967e62abf8cf2704725b6f76619399f83

thanks for the notice

CVE-2011-4609 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4609):
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.

this is in glibc-2.17 which is stable now

Always covered by GLSA 201312-01