ArchLinux: 201602-14: glibc: multiple issues
Summary
- CVE-2015-7547 (arbitrary code execution)
A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from
the nss_dns NSS service module.
- CVE-2015-8776 (information disclosure)
It was found that out-of-range time values passed to the strftime
function may cause it to crash, leading to a denial of service, or
potentially disclose information.
- CVE-2015-8777 (restriction bypass)
LD_POINTER_GUARD is an environment variable that controls
security-related behavior, but it was not ignored for privileged binaries
(in AT_SECURE mode). This might allow local attackers (who can supply
the environment variable) to bypass intended security restrictions.
- CVE-2015-8778 (arbitrary code execution)
An integer overflow in hcreate and hcreate_r can result in
an out-of-bounds memory access. This could lead to application crashes
or, potentially, arbitrary code execution.
- CVE-2015-8779 (arbitrary code execution)
A stack overflow (unbounded alloca) in the catopen function can cause
applications which pass long strings to the catopen function to crash
or, potentially, execute arbitrary code.
Resolution
Upgrade to 2.22-4.
# pacman -Syu "glibc>=2.22-4"
The problems have been fixed upstream but no release is available yet.
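A process started before the upgrade keeps the old library mapped until it is restarted, so the package version alone does not show that a host is patched. The script below is an added example, not part of the advisory: it checks the installed version against 2.22-4 and lists processes still mapping a replaced libc, libresolv or libnss_dns. It assumes the package manager replaces the library files on disk, so old mappings appear as "(deleted)" in /proc/<pid>/maps; the function names and sample data are illustrative.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are illustrative.

# Succeeds if the /proc/<pid>/maps text on stdin maps libc, libresolv or
# libnss_dns from a file that has since been replaced on disk.
maps_has_stale_glibc() {
    grep -Eq '/(libc|libresolv|libnss_dns)[-.][^/ ]* \(deleted\)$'
}

# Prints "pid name" for every process under $1 (default /proc) that still
# runs on the replaced library files and needs a restart.
list_stale_processes() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if { maps_has_stale_glibc < "$maps"; } 2>/dev/null; then
            pid=${maps%/maps}
            pid=${pid##*/}
            printf '%s %s\n' "$pid" "$(cat "$proc_root/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Constructed sample of a maps file from a process started before the upgrade.
sample_maps() {
    cat <<'EOF'
00400000-004f4000 r-xp 00000000 08:01 1201 /usr/bin/exampled
7f3a10000000-7f3a1019b000 r-xp 00000000 08:01 1315 /usr/lib/libc-2.22.so (deleted)
7f3a10400000-7f3a10416000 r-xp 00000000 08:01 1342 /usr/lib/libresolv-2.22.so (deleted)
7f3a10800000-7f3a10804000 r-xp 00000000 08:01 1410 /usr/lib/libcap.so.2.25
EOF
}

# Package check with pacman's own version comparison, when available.
if command -v pacman >/dev/null 2>&1 && command -v vercmp >/dev/null 2>&1; then
    installed=$(pacman -Q glibc | awk '{print $2}')
    if [ "$(vercmp "$installed" 2.22-4)" -lt 0 ]; then
        echo "glibc $installed is older than 2.22-4, upgrade first"
    fi
fi
list_stale_processes /proc
```

Run it as root to see every process; an empty list after the upgrade means no running process still uses the replaced libraries.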
References
https://access.redhat.com/security/cve/CVE-2015-7547
https://access.redhat.com/security/cve/CVE-2015-8776
https://access.redhat.com/security/cve/CVE-2015-8777
https://access.redhat.com/security/cve/CVE-2015-8778
https://access.redhat.com/security/cve/CVE-2015-8779
https://seclists.org/oss-sec/2016/q1/153
Workaround
None.