[arch-security] [ASA-201602-15] lib32-glibc: multiple issues
Arch Linux Security Advisory ASA-201602-15
==========================================

Severity: Critical
Date    : 2016-02-17
CVE-ID  : CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779
Package : lib32-glibc
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package lib32-glibc before version 2.22-4 is vulnerable to multiple
issues including but not limited to arbitrary code execution, information
disclosure and denial of service.
It is advised to restart all services that may perform DNS lookups.

Resolution
==========

Upgrade to 2.22-4.

# pacman -Syu "lib32-glibc>=2.22-4"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2015-7547 (arbitrary code execution)

A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from
the nss_dns NSS service module.

- CVE-2015-8776 (information disclosure)

It was found that out-of-range time values passed to the strftime
function may cause it to crash, leading to a denial of service, or
potentially disclose information.

- CVE-2015-8777 (restriction bypass)

LD_POINTER_GUARD was an environment variable which controls
security-related behavior, but was not ignored for privileged binaries
(in AT_SECURE mode). This might allow local attackers (who can supply
the environment variable) to bypass intended security restrictions.

- CVE-2015-8778 (arbitrary code execution)

An integer overflow was found in hcreate and hcreate_r which can result
in an out-of-bounds memory access. This could lead to application crashes
or, potentially, arbitrary code execution.

- CVE-2015-8779 (arbitrary code execution)

A stack overflow (unbounded alloca) in the catopen function can cause
applications which pass long strings to the catopen function to crash
or, potentially, execute arbitrary code.

Impact
======

A remote attacker is able to execute arbitrary code, potentially
disclose sensitive information or perform a denial of service attack
via multiple vectors.

References
==========

https://access.redhat.com/security/cve/CVE-2015-7547
https://access.redhat.com/security/cve/CVE-2015-8776
https://access.redhat.com/security/cve/CVE-2015-8777
https://access.redhat.com/security/cve/CVE-2015-8778
https://access.redhat.com/security/cve/CVE-2015-8779
http://seclists.org/oss-sec/2016/q1/153
Levente Polyak
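
The advisory asks for services that perform DNS lookups to be restarted, because a running process keeps the old library mapped after the upgrade. The following is an added example, not part of the original advisory: a shell function that lists processes still mapping a glibc object whose file was replaced on disk. The function name `stale_glibc_pids` and its optional proc-root argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map a
# glibc object replaced on disk. The kernel marks such mappings with a
# trailing "(deleted)" in /proc/<pid>/maps.

# stale_glibc_pids [proc_root]
#   proc_root defaults to /proc; the argument exists only so the scan can
#   be pointed at a constructed tree for testing (an assumption of this sketch).
#   Prints one "pid<TAB>comm<TAB>library" line per stale library per process.
stale_glibc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries and processes that exited mid-scan.
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        # maps columns: range perms offset dev inode pathname ["(deleted)"].
        # Match the loader, libc, libresolv and the nss_dns module only;
        # "[-.]" after the name keeps libcap, libcrypt etc. out of the result.
        awk -v pid="$pid" -v comm="$comm" '
            $7 == "(deleted)" &&
            $6 ~ "/(ld|libc|libresolv|libnss_dns)[-.][^/]*$" {
                # A library has several mappings; report each path once.
                if (!seen[$6]++) printf "%s\t%s\t%s\n", pid, comm, $6
            }' "$maps" 2>/dev/null
    done
}
```

Run `stale_glibc_pids` as root after the upgrade so every process's maps file is readable; each listed process needs a restart, and the path column shows which copy of glibc it still holds.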