Debian Bug report logs -
#776391
[CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
Reported by: Ondřej Surý <ondrej@debian.org>
Date: Tue, 27 Jan 2015 15:33:01 UTC
Severity: grave
Tags: security, squeeze, upstream, wheezy
Found in versions 2.11.3-4, 2.13-38+deb7u6
Fixed in versions 2.18-1, 2.13-38+deb7u7, 2.11.3-4+deb6u4
Done: Aurelien Jarno <aurelien@aurel32.net>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>
:
Bug#776391
; Package libc6
.
(Tue, 27 Jan 2015 15:33:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Ondřej Surý <ondrej@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>
.
(Tue, 27 Jan 2015 15:33:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libc6
Version: 2.19-13
Severity: grave
Tags: security upstream
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
as this has been made public, let's fix it quickly (it might even be a
critical as this is remote):
From: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
> A heap-based buffer overflow was found in
> __nss_hostname_digits_dots(), which is used by the gethostbyname()
> and gethostbyname2() glibc function call. A remote attacker could
> use this flaw to execute arbitary code with the permissions of the
> user running the application.
Upstream patch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
Public announcement:
http://www.frsag.org/pipermail/frsag/2015-January/005722.html
Cheers,
Ondrej
- -- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (990, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libc6 depends on:
ii libgcc1 1:4.9.1-19
libc6 recommends no packages.
Versions of packages libc6 suggests:
ii debconf [debconf-2.0] 1.5.55
pn glibc-doc <none>
ii locales 2.19-13
ii locales-all [locales] 2.19-13
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJUx6oxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHTUsQAKiKMrTsD8TQApyJ84sUFUuy
Tx0SBQsLlFGGH5Z076/469hU3ydkUl/36Q41lvYs2R/GSVxxh+TzUuBln9LeYlZK
56HYuYIMQMstINLgJONinl0h6mPE7qQN6F+TFcsoNkaKAQW0xFuNon1qTyXKkTgl
XpZJf27HDsy9EMQckEybPGxA7TSpbSelVd7Z44NEklan+RSG17s6hPpj830Qa076
rg7DBG3qhh6RQQkUZx67iS5uTJ6JzTeKjJ1IMdr6sHnwc2MW1WTFU5UpEZq4yqDD
wQ7Ct3wME+3ZKPyXDF1ql3FS5N1/X5v6lAQ/PGHPcKb+5H8zAsaPFOxEg+VegXbI
QXt9jPVRI3VCtD2/1X+ctRXFgll+tEMimtFT99FAbJHv4YdqbJ0KHGSyV+PDs+wq
5BAlBzTNqSkbhqEWDY4tLgtntG9ryCheU9E4JIamo2QZxxDHJ44X+9nwq7c7H5I0
0c8iKCgMXAaIQmtgCcnpnDPpFXbNi978oiRmMJRk/CwXkmeq2UqfJIJnEqieAeru
ZcQpFFTyioxTfYOWj1iIyV9wpZIjKW9UkYpPH5IYZAhjSqAgKlnJsk+DVytQwhCw
IM2pDzr1WeotdnFUMkVQ1h/ZE6IXQyw4k9nf3ITJjqVvuOgygHBTo3rMr1/uKd8W
YB3rV1cN3Um3W6f+8SoB
=g7tZ
-----END PGP SIGNATURE-----
Reply sent
to Florian Weimer <fw@deneb.enyo.de>
:
You have taken responsibility.
(Tue, 27 Jan 2015 15:45:15 GMT) (full text, mbox, link).
Notification sent
to Ondřej Surý <ondrej@debian.org>
:
Bug acknowledged by developer.
(Tue, 27 Jan 2015 15:45:15 GMT) (full text, mbox, link).
Message #10 received at 776391-done@bugs.debian.org (full text, mbox, reply):
Version: 2.18-1
* Ondřej Surý:
> as this has been made public, let's fix it quickly (it might even be a
> critical as this is remote):
Already fixed in jessie/sid. I've just sent out the DSA as well.
Bug reassigned from package 'libc6' to 'eglibc'.
Request was from Niels Thykier <niels@thykier.net>
to control@bugs.debian.org
.
(Tue, 27 Jan 2015 16:00:16 GMT) (full text, mbox, link).
No longer marked as found in versions glibc/2.19-13.
Request was from Niels Thykier <niels@thykier.net>
to control@bugs.debian.org
.
(Tue, 27 Jan 2015 16:00:16 GMT) (full text, mbox, link).
No longer marked as fixed in versions 2.18-1.
Request was from Niels Thykier <niels@thykier.net>
to control@bugs.debian.org
.
(Tue, 27 Jan 2015 16:00:17 GMT) (full text, mbox, link).
Marked as found in versions 2.11.3-4.
Request was from Niels Thykier <niels@thykier.net>
to control@bugs.debian.org
.
(Tue, 27 Jan 2015 16:00:18 GMT) (full text, mbox, link).
Bug reopened
Request was from Niels Thykier <niels@thykier.net>
to control@bugs.debian.org
.
(Tue, 27 Jan 2015 16:03:09 GMT) (full text, mbox, link).
Marked as found in versions 2.13-38+deb7u6.
Request was from Niels Thykier <niels@thykier.net>
to control@bugs.debian.org
.
(Tue, 27 Jan 2015 16:03:10 GMT) (full text, mbox, link).
Marked as fixed in versions 2.18-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 27 Jan 2015 16:09:13 GMT) (full text, mbox, link).
Marked as fixed in versions 2.13-38+deb7u7.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 27 Jan 2015 16:24:05 GMT) (full text, mbox, link).
Marked as fixed in versions 2.11.3-4+deb6u4.
Request was from Holger Levsen <holger@layer-acht.org>
to control@bugs.debian.org
.
(Wed, 28 Jan 2015 11:42:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>
:
Bug#776391
; Package eglibc
.
(Mon, 02 Feb 2015 13:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Martin von Wittich <martin.von.wittich@iserv.eu>
:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>
.
(Mon, 02 Feb 2015 13:33:04 GMT) (full text, mbox, link).
Message #33 received at 776391@bugs.debian.org (full text, mbox, reply):
The libc update unfortunately failed to restart the affected services
because the postinst only does that when updating from a version < 2.13:
/var/lib/dpkg/info/libc6:i386.postinst:
142: if dpkg --compare-versions "$preversion" lt 2.13; then
Could this be changed so that this update restarts most of the affected
services?
--
Mit freundlichen Grüßen,
Martin v. Wittich
IServ GmbH
Bültenweg 73
38106 Braunschweig
Telefon: 0531-2243666-0
Fax: 0531-2243666-9
E-Mail: info@iserv.eu
Internet: iserv.eu
USt-IdNr. DE265149425 | Amtsgericht Braunschweig | HRB 201822
Geschäftsführer: Benjamin Heindl, Jörg Ludwig
Added tag(s) squeeze and wheezy.
Request was from Ivo De Decker <ivodd@debian.org>
to control@bugs.debian.org
.
(Sat, 28 Feb 2015 08:48:04 GMT) (full text, mbox, link).
Reply sent
to "Interfax" <incoming@interfax.net>
:
You have taken responsibility.
(Wed, 28 Oct 2015 12:54:05 GMT) (full text, mbox, link).
Notification sent
to Ondřej Surý <ondrej@debian.org>
:
Bug acknowledged by developer.
(Wed, 28 Oct 2015 12:54:05 GMT) (full text, mbox, link).
Bug reopened
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org
.
(Wed, 28 Oct 2015 13:03:12 GMT) (full text, mbox, link).
No longer marked as fixed in versions 2.11.3-4+deb6u4, 2.18-1, and 2.13-38+deb7u7.
Request was from Ondřej Surý <ondrej@debian.org>
to control@bugs.debian.org
.
(Wed, 28 Oct 2015 13:03:13 GMT) (full text, mbox, link).
Marked as fixed in versions 2.18-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 28 Oct 2015 14:45:25 GMT) (full text, mbox, link).
Marked as fixed in versions 2.13-38+deb7u7.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 28 Oct 2015 14:45:26 GMT) (full text, mbox, link).
Marked as fixed in versions 2.11.3-4+deb6u4.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 28 Oct 2015 14:45:27 GMT) (full text, mbox, link).
Reply sent
to Aurelien Jarno <aurelien@aurel32.net>
:
You have taken responsibility.
(Wed, 28 Oct 2015 20:45:14 GMT) (full text, mbox, link).
Notification sent
to Ondřej Surý <ondrej@debian.org>
:
Bug acknowledged by developer.
(Wed, 28 Oct 2015 20:45:14 GMT) (full text, mbox, link).
Message #55 received at 776391-done@bugs.debian.org (full text, mbox, reply):
On 2015-10-28 14:45, Debian Bug Tracking System wrote:
> Processing commands for control@bugs.debian.org:
>
> > fixed 776391 2.18-1
> Bug #776391 [eglibc] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
> There is no source info for the package 'eglibc' at version '2.18-1' with architecture ''
> Unable to make a source version for version '2.18-1'
> Marked as fixed in versions 2.18-1.
> > fixed 776391 2.13-38+deb7u7
> Bug #776391 [eglibc] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
> There is no source info for the package 'eglibc' at version '2.13-38+deb7u7' with architecture ''
> Unable to make a source version for version '2.13-38+deb7u7'
> Marked as fixed in versions 2.13-38+deb7u7.
> > fixed 776391 2.11.3-4+deb6u4
> Bug #776391 [eglibc] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
> There is no source info for the package 'eglibc' at version '2.11.3-4+deb6u4' with architecture ''
> Unable to make a source version for version '2.11.3-4+deb6u4'
> Marked as fixed in versions 2.11.3-4+deb6u4.
> > thanks
> Stopping processing here.
As the bug is fixed in all releases, let's close the bug so that it gets
archived.
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 26 Nov 2015 07:35:08 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:46:24 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.