Discover Government News

Arch Linux Security Advisory ASA-201602-14
=========================================
Severity: Critical
Date    : 2016-02-17
CVE-ID  : CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778
          CVE-2015-8779
Package : glibc
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package glibc before version 2.22-4 is vulnerable to multiple issues
including but not limited to arbitrary code execution, information
disclosure and denial of service.
It is advised to restart all services that may perform DNS lookups.

Resolution
=========
Upgrade to 2.22-4.

# pacman -Syu "glibc>=2.22-4"

The problems have been fixed upstream but no release is available yet.

Workaround
=========
None.

Description
==========
- CVE-2015-7547 (arbitrary code execution)

A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from
the nss_dns NSS service module.

- CVE-2015-8776 (information disclosure)

It was found that out-of-range time values passed to the strftime
function may cause it to crash, leading to a denial of service, or
potentially disclosure information.

- CVE-2015-8777 (restriction bypass)

LD_POINTER_GUARD was an environment variable which controls
security-related behavior, but was not ignored for privileged binaries
(in AT_SECURE mode). This might allow local attackers (who can supply
the environment variable) to bypass intended security restrictions.

- CVE-2015-8778 (arbitrary code execution)

An integer overflow in hcreate and hcreate_r which can result in
an out-of-bound memory access.  This could lead to application crashes
or, potentially, arbitrary code execution.

- CVE-2015-8779 (arbitrary code execution)

A stack overflow (unbounded alloca) in the catopen function can cause
applications which pass long strings to the catopen function to crash
or, potentially execute arbitrary code.

Impact
=====
A remote attacker is able to execute arbitrary code, potentially
disclosure sensitive information or perform a denial of service attack
via multiple vectors.

References
=========
https://access.redhat.com/security/cve/CVE-2015-7547
https://access.redhat.com/security/cve/CVE-2015-8776
https://access.redhat.com/security/cve/CVE-2015-8777
https://access.redhat.com/security/cve/CVE-2015-8778
https://access.redhat.com/security/cve/CVE-2015-8779
https://seclists.org/oss-sec/2016/q1/153

ArchLinux: 201602-14: glibc: multiple issues

February 17, 2016

Summary

- CVE-2015-7547 (arbitrary code execution) A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
- CVE-2015-8776 (information disclosure)
It was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information.
- CVE-2015-8777 (restriction bypass)
LD_POINTER_GUARD was an environment variable which controls security-related behavior, but was not ignored for privileged binaries (in AT_SECURE mode). This might allow local attackers (who can supply the environment variable) to bypass intended security restrictions.
- CVE-2015-8778 (arbitrary code execution)
An integer overflow in hcreate and hcreate_r which can result in an out-of-bound memory access. This could lead to application crashes or, potentially, arbitrary code execution.
- CVE-2015-8779 (arbitrary code execution)
A stack overflow (unbounded alloca) in the catopen function can cause applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.

Resolution

Upgrade to 2.22-4. # pacman -Syu "glibc>=2.22-4"
The problems have been fixed upstream but no release is available yet.

References

https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/cve/CVE-2015-8776 https://access.redhat.com/security/cve/CVE-2015-8777 https://access.redhat.com/security/cve/CVE-2015-8778 https://access.redhat.com/security/cve/CVE-2015-8779 https://seclists.org/oss-sec/2016/q1/153

Severity
CVE-2015-8779
Package : glibc
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE

Workaround

None.

Related News