[yocto] HEADSUP - CVE 2015-023 remote code execution in glibc
Sona Sarmadi
sona.sarmadi at enea.com
Thu Jan 29 02:06:46 PST 2015
> Subject: Re: [yocto] HEADSUP - CVE 2015-023 remote code execution in glibc
> Alexandr,
> On 01/28/2015 03:17 AM, Damian, Alexandru wrote:
>> More details
>>
>> http://www.openwall.com/lists/oss-security/2015/01/27/9
>>
>> redhat bug and patch
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
>>
>> Do we need to open a bug to track this ?
> I am working on patches already. If you opened a bug, please send me the #.
> - Armin
Hi guys,
I opened a bug for this yesterday (Bug 7258 - glibc: __nss_hostname_digits_dots() heap-based buffer overflow (CVE-2015-0235)), but closed it since this doesn't affect us.
There is another glibc issue (CVE-2013-7423?) being discussed; I think this is also fixed in 2.20.
<solardiz> glibc "getaddrinfo() writes DNS queries to random file descriptors under high load" https://sourceware.org/bugzilla/show_bug.cgi?id=15946 "Fixed in 2.20"
//Sona