Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 547296 (CVE-2015-1781) - <sys-libs/glibc-2.21-r1: buffer overflow in gethostbyname_r() and related functions with misaligned buffer (CVE-2015-1781)
Summary: <sys-libs/glibc-2.21-r1: buffer overflow in gethostbyname_r() and related fun...
Status: RESOLVED FIXED
Alias: CVE-2015-1781
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A2 [glsa cve cleanup]
Keywords:
Depends on: 563524
Blocks:
  Show dependency tree
 
Reported: 2015-04-21 13:02 UTC by Agostino Sarubbo
Modified: 2016-02-17 15:39 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-04-21 13:02:59 UTC
From ${URL} :

Arjun Shankar of Red Hat discovered that the nss_dns code does not
adjust the buffer length when the buffer start pointer is aligned.  As a
result, a buffer overflow can occur in the implementation of functions
such as gethostbyname_r, and crafted DNS responses might cause
application crashes or result in arbitrary code execution.

This can only happen if these functions are called with a misaligned
buffer.  I looked at quite a bit of source code, and tested applications
with a patched glibc that logs misaligned buffers.  I did not observe
any such misaligned buffers.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=18287

Upstream commit:

https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2015-07-21 03:49:12 UTC
this has been fixed for glibc 2.22 and 2.21.1, and i've backported it to our glibc 2.21-r1 ebuild.  but that's just now hitting ~arch so it'll be a little while before we can stabilize.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2015-11-03 17:09:33 UTC
(In reply to SpanKY from comment #1)
> this has been fixed for glibc 2.22 and 2.21.1, and i've backported it to our
> glibc 2.21-r1 ebuild.  but that's just now hitting ~arch so it'll be a
> little while before we can stabilize.

Been 60+ days, are we ready for stabilization?
Comment 3 SpanKY gentoo-dev 2015-11-03 21:09:12 UTC
(In reply to Yury German from comment #2)

glibc-2.21 is already stable for most arches via bug 563524
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2015-12-23 22:55:10 UTC
(In reply to SpanKY from comment #3)
> (In reply to Yury German from comment #2)
> 
> glibc-2.21 is already stable for most arches via bug 563524

Thank you for reply!
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-02-17 15:39:00 UTC
This issue was resolved and addressed in
 GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02
by GLSA coordinator Tobias Heinlein (keytoaster).