[arch-security] [ASA-201602-15] lib32-glibc: multiple issues
anthraxx at archlinux.org
Wed Feb 17 17:17:12 UTC 2016
Arch Linux Security Advisory ASA-201602-15
Date : 2016-02-17
CVE-ID : CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778
Package : lib32-glibc
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package lib32-glibc before version 2.22-4 is vulnerable to multiple
issues including but not limited to arbitrary code execution,
information disclosure and denial of service.
It is advised to restart all services that may perform DNS lookups.
Upgrade to 2.22-4.
# pacman -Syu "lib32-glibc>=2.22-4"
The problems have been fixed upstream but no release is available yet.
- CVE-2015-7547 (arbitrary code execution)
A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from
the nss_dns NSS service module.
- CVE-2015-8776 (information disclosure)
It was found that out-of-range time values passed to the strftime
function may cause it to crash, leading to a denial of service, or
potentially disclosure information.
- CVE-2015-8777 (restriction bypass)
LD_POINTER_GUARD was an environment variable which controls
security-related behavior, but was not ignored for privileged binaries
(in AT_SECURE mode). This might allow local attackers (who can supply
the environment variable) to bypass intended security restrictions.
- CVE-2015-8778 (arbitrary code execution)
An integer overflow in hcreate and hcreate_r which can result in
an out-of-bound memory access. This could lead to application crashes
or, potentially, arbitrary code execution.
- CVE-2015-8779 (arbitrary code execution)
A stack overflow (unbounded alloca) in the catopen function can cause
applications which pass long strings to the catopen function to crash
or, potentially execute arbitrary code.
A remote attacker is able to execute arbitrary code, potentially
disclosure sensitive information or perform a denial of service attack
via multiple vectors.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security