Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Debian 8: DSA-3480-1 Critical: eglibc Buffer Overflow Issues

debian
Calendar Grey February 16, 2016
Scroller Debian
- ------------------------------------------------------------------------- Debian Security Advisory
Several vulnerabilities have been fixed in the GNU C Library, eglibc

Summary

The CVE-2015-7547 vulnerability listed below is considered to have
critical impact.

CVE-2014-8121

Robin Hack discovered that the nss_files database did not
correctly implement enumeration interleaved with name-based or
ID-based lookups. This could cause the enumeration enter an
endless loop, leading to a denial of service.

CVE-2015-1781

Arjun Shankar discovered that the _r variants of host name
resolution functions (like gethostbyname_r), when performing DNS
name resolution, suffered from a buffer overflow if a misaligned
buffer was supplied by the applications, leading to a crash or,
potentially, arbitrary code execution. Most applications are not
affected by this vulnerability because they use aligned buffers.

CVE-2015-7547

The Google Security Team and Red Hat discovered that the eglibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a sta...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: eglibc
CVE ID: CVE-2014-8121 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.