
Debian 8: DSA-3480-1 Critical: eglibc Buffer Overflow Issues

February 16, 2016
A significant eglibc patch mitigates various security flaws, tackling stack overflow and denial of service risks for Debian systems.
Several vulnerabilities have been fixed in the GNU C Library, eglibc.

Summary

The CVE-2015-7547 vulnerability listed below is considered to have
critical impact.

CVE-2014-8121

Robin Hack discovered that the nss_files database did not
correctly implement enumeration interleaved with name-based or
ID-based lookups. This could cause the enumeration to enter an
endless loop, leading to a denial of service.

CVE-2015-1781

Arjun Shankar discovered that the _r variants of host name
resolution functions (like gethostbyname_r), when performing DNS
name resolution, suffered from a buffer overflow if a misaligned
buffer was supplied by the applications, leading to a crash or,
potentially, arbitrary code execution. Most applications are not
affected by this vulnerability because they use aligned buffers.

CVE-2015-7547

The Google Security Team and Red Hat discovered that the eglibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a sta...


Severity: critical

Package: eglibc
CVE ID: CVE-2014-8121 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776
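
For the CVE-2015-1781 entry above, the following added example (not part of the advisory or of eglibc) shows a gethostbyname_r caller that always passes the start of a malloc'd block as the scratch buffer and grows it on ERANGE, so the buffer stays aligned. The helper names, and the use of char * alignment as the requirement, are assumptions.

```c
#define _GNU_SOURCE            /* exposes gethostbyname_r in <netdb.h> */
#include <errno.h>
#include <netdb.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

/* Hypothetical helper: is p aligned for the char * arrays (h_aliases,
 * h_addr_list) that the resolver places in the caller's scratch buffer?
 * Using char * alignment as the requirement is an assumption. */
int scratch_is_aligned(const void *p)
{
    return (uintptr_t)p % _Alignof(char *) == 0;
}

/* Hypothetical helper: resolve name to its first IPv4 address.
 * Returns 0 on success, -1 on failure. */
int resolve_ipv4(const char *name, struct in_addr *out)
{
    size_t len = 1024;
    char *buf = malloc(len);   /* malloc memory is aligned for any object */
    struct hostent he, *res = NULL;
    int herr = 0, rc = 0, ok;

    while (buf != NULL) {
        rc = gethostbyname_r(name, &he, buf, len, &res, &herr);
        if (rc != ERANGE)
            break;
        len *= 2;              /* too small: grow, never offset into buf */
        char *bigger = realloc(buf, len);
        if (bigger == NULL)
            free(buf);
        buf = bigger;
    }
    if (buf == NULL)
        return -1;
    ok = rc == 0 && res != NULL && res->h_addrtype == AF_INET
         && res->h_length == (int)sizeof *out;
    if (ok)
        memcpy(out, res->h_addr_list[0], sizeof *out);
    free(buf);
    return ok ? 0 : -1;
}

int main(void)
{
    struct in_addr a;
    return resolve_ipv4("127.0.0.1", &a);  /* numeric name: no DNS query */
}
```

Keeping the buffer aligned only avoids the CVE-2015-1781 condition on the caller's side; the other issues listed here are addressed by the updated eglibc package.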
