Vulnerability CVE-2015-1781: Information
Description
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
Severity: MEDIUM (6.8)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| glibc | sisyphus | 2.22-alt1 | 2.38.0.76.e9f05fa1c6-alt1 | ALT-PU-2015-2084-1 | 153835 | Fixed |
| glibc | p10 | 2.22-alt1 | 2.32-alt5.p10.3 | ALT-PU-2015-2084-1 | 153835 | Fixed |
| glibc | p9 | 2.22-alt1 | 2.27-alt14 | ALT-PU-2015-2084-1 | 153835 | Fixed |
| glibc | c10f1 | 2.22-alt1 | 2.32-alt5.p10.2 | ALT-PU-2015-2084-1 | 153835 | Fixed |
| glibc | c9f2 | 2.22-alt1 | 2.27-alt14 | ALT-PU-2015-2084-1 | 153835 | Fixed |
| glibc | c7 | 2.17-alt5.M70C.8 | 2.17-alt5.M70C.14 | ALT-PU-2016-1274-1 | 161571 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=18287 |
|
| [libc-alpha] 20150814 The GNU C Library version 2.22 is now available |
|
| SUSE-SU-2015:1424 |
|
| RHSA-2015:0863 |
|
| 74255 |
|
| SUSE-SU-2016:0470 |
|
| USN-2985-2 |
|
| USN-2985-1 |
|
| GLSA-201602-02 |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html |
|
| 1032178 |
|
| DSA-3480 |
|
| FEDORA-2016-0480defc94 |
|
| https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=2959eda9272a03386 |