r6661 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any

To: debian-glibc@lists.debian.org
Subject: r6661 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
From: Aurelien Jarno <aurel32@moszumanska.debian.org>
Date: Mon, 19 Oct 2015 11:18:09 +0000
Message-id: <[🔎] E1Zo8S9-00023o-9T@moszumanska.debian.org>

Author: aurel32
Date: 2015-10-19 11:18:09 +0000 (Mon, 19 Oct 2015)
New Revision: 6661

Added:
   glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2014-8121.diff
Modified:
   glibc-package/branches/glibc-branch-wheezy/debian/changelog
   glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix
an unexpected closing of nss_files databases after lookups, causing
denial of service (CVE-2014-8121).  Closes: #779587.

Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog	2015-10-19 10:54:13 UTC (rev 6660)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog	2015-10-19 11:18:09 UTC (rev 6661)
@@ -2,6 +2,9 @@
 
   * patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
     a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
+  * patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix
+    an unexpected closing of nss_files databases after lookups, causing
+    denial of service (CVE-2014-8121).  Closes: #779587.
 
  -- Aurelien Jarno <aurel32@debian.org>  Mon, 19 Oct 2015 12:40:42 +0200
 

Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2014-8121.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2014-8121.diff	                        (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2014-8121.diff	2015-10-19 11:18:09 UTC (rev 6661)
@@ -0,0 +1,17 @@
+2015-04-29  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #18007]
+	* nss/nss_files/files-XXX.c (CONCAT): Always enable stayopen.
+	(CVE-2014-8121)
+
+--- a/nss/nss_files/files-XXX.c
++++ b/nss/nss_files/files-XXX.c
+@@ -134,7 +134,7 @@ CONCAT(_nss_files_set,ENTNAME) (int stayopen)
+ 
+   __libc_lock_lock (lock);
+ 
+-  status = internal_setent (stayopen);
++  status = internal_setent (1);
+ 
+   if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
+     {

Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2015-10-19 10:54:13 UTC (rev 6660)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2015-10-19 11:18:09 UTC (rev 6661)
@@ -404,3 +404,4 @@
 any/cvs-getnetbyname.diff
 any/cvs-getaddrinfo-idn.diff
 any/cvs-CVE-2015-1781.diff
+any/cvs-CVE-2014-8121.diff

Reply to:

Prev by Date: r6660 - in glibc-package/branches/glibc-2.21/debian: . patches patches/any
Next by Date: r6662 - in glibc-package/branches/glibc-branch-jessie/debian: . patches
Previous by thread: r6660 - in glibc-package/branches/glibc-2.21/debian: . patches patches/any
Next by thread: r6662 - in glibc-package/branches/glibc-branch-jessie/debian: . patches
Index(es):
- Date
- Thread