Bug 591246 (CVE-2016-5417) - <sys-libs/glibc-2.22-r3: Per-thread memory leak in __res_vinit with IPv6 nameservers
Status: RESOLVED FIXED
Alias: CVE-2016-5417
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-14 10:30 UTC by Agostino Sarubbo
Modified: 2016-11-12 06:58 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2016-08-14 10:30:02 UTC
From ${URL} :

We have assigned CVE-2016-5417 to a memory leak in glibc.  It was 
introduced in glibc 2.22, with commit 
2212c1420c92a33b0e0bd9a34938c9814a56c0f7 (which also caused other 
regressions, which is why we backed it out in Fedora).

The leak is triggered if name resolution functions are called in such a 
way that internal resolver data structures are only initialized 
partially.  The memory leak was independently reported as occurring 
during Apache httpd testing, so we found it prudent to treat it as a 
very minor security vulnerability.



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2016-11-12 06:34:16 UTC
the fix is in stable already in glibc-2.22-r4
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-11-12 06:58:41 UTC
GLSA Vote: No