| Summary: | <sys-libs/glibc-2.22-r4: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | toolchain |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=19879 | | |
| See Also: | https://sourceware.org/bugzilla/show_bug.cgi?id=19879 | | |
| Whiteboard: | A2 [glsa cve cleanup] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2016-03-30 12:52:53 UTC
i've added the upstream fixes to 2.22-r3. no plans to do a 2.21 backport. should be fine to move forward w/stabilizing 2.22 in general.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3a77a809fe55f649025718d9c335ac07b87387e

We will wait a bit and then stabilize 2.22-r3 if no problems come out.

hmm, let's go with -r4. looks like the specific patch in question wasn't actually backported to the branches when i made the patchset earlier.

Arches, please test and mark stable:
=sys-libs/glibc-2.22-r4
Target keywords : "alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

amd64 stable

Stable for HPPA.

x86 stable

done most of the rest

alpha stable. That's the last arch.

New GLSA created.

@ Maintainer(s): Please cleanup or apply masks if you want to keep old packages in repository for some reasons.

I cannot find the GLSA for this CVE.
Furthermore, the CVE said that glibc-2.23 is also impacted.

(In reply to LABBE Corentin from comment #11)
> I cannot find the GLSA for this CVE.
> Furthermore, the CVE said that glibc-2.23 is also impacted.

No GLSA has been released. As far as the patches, our Glibc maintainer backported the fixes to 2.22-r3 as mentioned in the comments.

This issue was resolved and addressed in GLSA 201702-11 at https://security.gentoo.org/glsa/201702-11 by GLSA coordinator Thomas Deutschmann (whissi).