r6661 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Author: aurel32
Date: 2015-10-19 11:18:09 +0000 (Mon, 19 Oct 2015)
New Revision: 6661
Added:
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2014-8121.diff
Modified:
glibc-package/branches/glibc-branch-wheezy/debian/changelog
glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix
an unexpected closing of nss_files databases after lookups, causing
denial of service (CVE-2014-8121). Closes: #779587.
Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-10-19 10:54:13 UTC (rev 6660)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-10-19 11:18:09 UTC (rev 6661)
@@ -2,6 +2,9 @@
* patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
+ * patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix
+ an unexpected closing of nss_files databases after lookups, causing
+ denial of service (CVE-2014-8121). Closes: #779587.
-- Aurelien Jarno <aurel32@debian.org> Mon, 19 Oct 2015 12:40:42 +0200
Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2014-8121.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2014-8121.diff (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-CVE-2014-8121.diff 2015-10-19 11:18:09 UTC (rev 6661)
@@ -0,0 +1,17 @@
+2015-04-29 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #18007]
+ * nss/nss_files/files-XXX.c (CONCAT): Always enable stayopen.
+ (CVE-2014-8121)
+
+--- a/nss/nss_files/files-XXX.c
++++ b/nss/nss_files/files-XXX.c
+@@ -134,7 +134,7 @@ CONCAT(_nss_files_set,ENTNAME) (int stayopen)
+
+ __libc_lock_lock (lock);
+
+- status = internal_setent (stayopen);
++ status = internal_setent (1);
+
+ if (status == NSS_STATUS_SUCCESS && fgetpos (stream, &position) < 0)
+ {
Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-10-19 10:54:13 UTC (rev 6660)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-10-19 11:18:09 UTC (rev 6661)
@@ -404,3 +404,4 @@
any/cvs-getnetbyname.diff
any/cvs-getaddrinfo-idn.diff
any/cvs-CVE-2015-1781.diff
+any/cvs-CVE-2014-8121.diff
Reply to: