Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 608698 (CVE-2015-5180)

Summary: <sys-libs/glibc-2.23-r4: DNS resolver NULL pointer dereference with crafted record type
Product: Gentoo Security Reporter: Thomas Deutschmann <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: toolchain
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html
See Also: https://sourceware.org/bugzilla/show_bug.cgi?id=18784
Whiteboard: A3 [glsa cve glsa blocked]
Package list:
Runtime testing required: ---
Bug Depends on: 622220    
Bug Blocks:    

Description Thomas Deutschmann gentoo-dev Security 2017-02-09 09:08:54 UTC
CVE-2015-5180

DNS resolver NULL pointer dereference with crafted record type

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=18784

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-02-09 09:10:11 UTC
@ Maintainer(s): The vulnerabilities is fixed in >=sys-libs/glibc-2.25. Please bump the package and tell us if you plan to backport the fix.
Comment 2 SpanKY gentoo-dev 2017-02-09 11:40:47 UTC
this is in the 2.24 ebuild now
Comment 3 Matthias Maier gentoo-dev 2017-06-19 16:31:50 UTC
commit c46d0e63310fe68ed4bf6a3b0c3fbcc5d4d9918b
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Thu Jun 8 12:14:52 2017 -0500

    sys-libs/glibc: bump 2.23 to patchset 8
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.2
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-06-20 17:55:26 UTC
This issue was resolved and addressed in
 GLSA 201706-19 at https://security.gentoo.org/glsa/201706-19
by GLSA coordinator Thomas Deutschmann (whissi).