Bug#776391: [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#776391: [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
From: Ondřej Surý <ondrej@debian.org>
Date: Tue, 27 Jan 2015 16:09:38 +0100
Message-id: <[🔎] 20150127150938.18540.43122.reportbug@lettie.nic.cz>
Reply-to: Ondřej Surý <ondrej@debian.org>, 776391@bugs.debian.org

Package: libc6
Version: 2.19-13
Severity: grave
Tags: security upstream
Justification: user security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

as this has been made public, let's fix it quickly (it might even be a
critical as this is remote):

From: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235

> A heap-based buffer overflow was found in
> __nss_hostname_digits_dots(), which is used by the gethostbyname()
> and gethostbyname2() glibc function call. A remote attacker could
> use this flaw to execute arbitary code with the permissions of the
> user running the application.

Upstream patch:

https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd

Public announcement:

http://www.frsag.org/pipermail/frsag/2015-January/005722.html

Cheers,
Ondrej

- -- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libc6 depends on:
ii  libgcc1  1:4.9.1-19

libc6 recommends no packages.

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.55
pn  glibc-doc              <none>
ii  locales                2.19-13
ii  locales-all [locales]  2.19-13

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJUx6oxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHTUsQAKiKMrTsD8TQApyJ84sUFUuy
Tx0SBQsLlFGGH5Z076/469hU3ydkUl/36Q41lvYs2R/GSVxxh+TzUuBln9LeYlZK
56HYuYIMQMstINLgJONinl0h6mPE7qQN6F+TFcsoNkaKAQW0xFuNon1qTyXKkTgl
XpZJf27HDsy9EMQckEybPGxA7TSpbSelVd7Z44NEklan+RSG17s6hPpj830Qa076
rg7DBG3qhh6RQQkUZx67iS5uTJ6JzTeKjJ1IMdr6sHnwc2MW1WTFU5UpEZq4yqDD
wQ7Ct3wME+3ZKPyXDF1ql3FS5N1/X5v6lAQ/PGHPcKb+5H8zAsaPFOxEg+VegXbI
QXt9jPVRI3VCtD2/1X+ctRXFgll+tEMimtFT99FAbJHv4YdqbJ0KHGSyV+PDs+wq
5BAlBzTNqSkbhqEWDY4tLgtntG9ryCheU9E4JIamo2QZxxDHJ44X+9nwq7c7H5I0
0c8iKCgMXAaIQmtgCcnpnDPpFXbNi978oiRmMJRk/CwXkmeq2UqfJIJnEqieAeru
ZcQpFFTyioxTfYOWj1iIyV9wpZIjKW9UkYpPH5IYZAhjSqAgKlnJsk+DVytQwhCw
IM2pDzr1WeotdnFUMkVQ1h/ZE6IXQyw4k9nf3ITJjqVvuOgygHBTo3rMr1/uKd8W
YB3rV1cN3Um3W6f+8SoB
=g7tZ
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Bug#776391: marked as done ([CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots())
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: r6340 - glibc-package/trunk/debian
Next by Date: Processing of eglibc_2.13-38+deb7u7_amd64.changes
Previous by thread: r6340 - glibc-package/trunk/debian
Next by thread: Bug#776391: marked as done ([CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots())
Index(es):
- Date
- Thread