FreeBSD Bugzilla – Attachment 167116 Details for
Bug 207272
emulators/linux_base-c6: fix CVE-2015-7547
[patch]
add vuxml entry
linux_base-c6-VUXML.diff (text/plain), 2.09 KB, created by
Johannes Jost Meixner
on 2016-02-17 18:29:19 UTC
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 409057) >+++ security/vuxml/vuln.xml (working copy) 
>@@ -57,6 +57,48 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="8e4665da-d5a2-11e5-a09d-c485083ca99c"> >+ <topic>glibc -- stack-based buffer overflow</topic> >+ <affects> >+ <package> >+ <name>linux_base-c6</name> >+ <name>linux_base-c6_64</name> >+ <range><lt>6.7_1</lt></range> >+ </package> >+ <package> >+ <name>linux_base-f10</name> >+ <name>linux_base-c6_64</name> >+ <range><ge>0</ge></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Fabio Olive Leite reports:</p> >+ <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7547"> >+ <p>A stack-based buffer overflow was found in libresolv when invoked >+ from nss_dns, allowing specially crafted DNS responses to seize control of >+ EIP in the DNS client. >+ >+ The buffer overflow occurs in the functions send_dg (send datagram) and >+ send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling >+ getaddrinfo with AF_UNSPEC family, or in some cases AF_INET6 family. The >+ use of AF_UNSPEC (or AF_INET6 in some cases) triggers the low-level resolver >+ code to send out two parallel queries for A and AAAA. A mismanagement of >+ the buffers used for those queries could result in the response of a query >+ writing beyond the alloca allocated buffer created by __res_nquery.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7547</url> >+ <url>https://googleonlinesecurity.blogspot.com.ee/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html</url> >+ </references> >+ <dates> >+ <discovery>2016-02-16</discovery> >+ <entry>2016-02-17</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="dd563930-d59a-11e5-8fa8-14dae9d210b8"> > <topic>adminer -- remote code execution</topic> > <affects>
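Review bot: In the second `<package>` block of the new entry, `<name>linux_base-c6_64</name>` is repeated next to `linux_base-f10` under `<range><ge>0</ge></range>`, so linux_base-c6_64 matches at every version and an install at or above 6.7_1 would still be flagged despite the `<lt>6.7_1</lt>` bound in the first block. This looks like a copy-paste slip; the second block should name only the package(s) for which no fixed version exists. Smaller points in the same entry: `<references>` has only two `<url>` elements, and adding `<cvename>CVE-2015-7547</cvename>` would make the entry findable by CVE id; the quoted report is one `<p>` with a blank line in the middle and would read better as two `<p>` elements; and the second URL uses the country-specific host `googleonlinesecurity.blogspot.com.ee`, where the `blogspot.com` host would be the more stable reference.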
Attachments on
bug 207272
:
167106
|
167115
| 167116