Bug#779587: marked as done (glibc: Three vulnerabilities)
Your message dated Tue, 22 Dec 2015 21:48:27 +0000
with message-id <E1aBUnD-00060s-P4@franck.debian.org>
and subject line Bug#779587: fixed in eglibc 2.13-38+deb7u9
has caused the Debian Bug report #779587,
regarding glibc: Three vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
-- 
779587: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779587
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: glibc: Three vulnerabilities
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Mon, 02 Mar 2015 19:33:47 +0100
- Message-id: <20150302183347.13837.78720.reportbug@m25s06.vlinux.de>
Package: glibc
Severity: important
Tags: security
Hi,
these three new security issues are unfixed in jessie/sid:
1. Unexpected closing of nss_files databases after
lookups causes denial of service (CVE-2014-8121):
Patch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8121
(fix not yet merged upstream)
2. potential application crash due to overread in fnmatch
(no CVE yet, CVE request at
http://www.openwall.com/lists/oss-security/2015/02/26/5)
https://sourceware.org/bugzilla/show_bug.cgi?id=18032
Patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
3. _IO_wstr_overflow integer overflow
(no CVE yet, CVE request at
http://www.openwall.com/lists/oss-security/2015/02/22/15)
https://sourceware.org/bugzilla/show_bug.cgi?id=17269
Patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
Cheers,
        Moritz
--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.13-38+deb7u9
We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 779587@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 21 Dec 2015 00:01:08 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.13-38+deb7u9
Distribution: wheezy
Urgency: medium
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeri
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 779587 796105 798316 801691 803927
Changes: 
 eglibc (2.13-38+deb7u9) wheezy; urgency=medium
 .
   [ Aurelien Jarno ]
   * patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
     a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
   * patches/any/cvs-fnmatch-overflow.diff: new patch from upstream to fix
     a buffer overflow (read past end of buffer) in internal_fnmatch.
   * patches/any/cvs-_IO_wstr_overflow.diff: new patch from upstream to fix
     an integer overflow in IO_wstr_overflow.
   * patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix
     an unexpected closing of nss_files databases after lookups, causing
     denial of service (CVE-2014-8121).  Closes: #779587.
   * patches/any/cvs-ld_pointer_guard.diff: new patch from upstream to
     unconditionally disable LD_POINTER_GUARD.  Closes: #798316, #801691.
 .
   [ Raphaël Hertzog ]
   * debian/patches/any/cvs-strxfrm-buffer-overflows.diff: new patch
     from upstream to fix memory allocation issues that can lead to buffer
     overflows on the stack. Closes: #803927.
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---