Bug#776391: marked as done ([CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots())



Your message dated Tue, 27 Jan 2015 16:40:15 +0100
with message-id <877fw81bc0.fsf@mid.deneb.enyo.de>
and subject line Re: Bug#776391: [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
has caused the Debian Bug report #776391,
regarding [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
776391: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776391
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libc6
Version: 2.19-13
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

as this has been made public, let's fix it quickly (it might even be a
critical as this is remote):

From: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235

> A heap-based buffer overflow was found in
> __nss_hostname_digits_dots(), which is used by the gethostbyname()
> and gethostbyname2() glibc function call. A remote attacker could
> use this flaw to execute arbitrary code with the permissions of the
> user running the application.

Upstream patch:

https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd

Public announcement:

http://www.frsag.org/pipermail/frsag/2015-January/005722.html

Cheers,
Ondrej

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libc6 depends on:
ii  libgcc1  1:4.9.1-19

libc6 recommends no packages.

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.55
pn  glibc-doc              <none>
ii  locales                2.19-13
ii  locales-all [locales]  2.19-13

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Version: 2.18-1

* Ondřej Surý:

> as this has been made public, let's fix it quickly (it might even be a
> critical as this is remote):

Already fixed in jessie/sid.  I've just sent out the DSA as well.

--- End Message ---