FS#48213 : [glibc] bug, CVE2016-7547

FS#48213 - [glibc] bug, CVE2016-7547

Attached to Project: Arch Linux
Opened by Ingo Albrecht (indigo) - Tuesday, 16 February 2016, 19:06 GMT
Last edited by Allan McRae (Allan) - Wednesday, 17 February 2016, 05:29 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Allan McRae (Allan)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	9 Ruben Kelevra (RubenKelevra) (2016-02-17) Wyatt J. Brown (sushidude) (2016-02-17) Askhat Bakarov (sirocco) (2016-02-17) Tom (tomarchbug) (2016-02-16) Pascal Ernster (hardfalcon) (2016-02-16) Rich Li (richli) (2016-02-16) Andrey Vihrov (andreyv) (2016-02-16) Jens Adam (byte) (2016-02-16) Matt Corallo (BlueMatt) (2016-02-16)
Private	No

Details

Description:

Bug to track remote exploitable:
CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow

Additional info:
* glibc & lib32-glibc <= 2.22-3

[1] Disclosure: https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
[2] Disclousre: https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
[3] Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=18665

Steps to reproduce:
see above links

This task depends upon

Closed by Allan McRae (Allan)
Wednesday, 17 February 2016, 05:29 GMT
Reason for closing: Fixed
Additional comments about closing: glibc-2.22-4

Comment by Ingo Albrecht (indigo) - Tuesday, 16 February 2016, 19:11 GMT

(description should read CVE2015-7547 not 2016)

Comment by Matt Corallo (BlueMatt) - Tuesday, 16 February 2016, 20:34 GMT

Associated patch is at https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

Comment by Pascal Ernster (hardfalcon) - Tuesday, 16 February 2016, 21:18 GMT

That patch needs a few changes for hunk #6 to actually work. I've attached the adapted version.

I've built the glibc package successfully with this patch, and am currently running it on 3-4 of my boxes, without any problems/crashes so far.

CVE-2015-7547-archlinux.patch (23.3 KiB)

Comment by Levente Polyak (anthraxx) - Tuesday, 16 February 2016, 23:39 GMT

just to confirm, patch looks legit, diff between upstream:

313c330
< @@ -767,36 +855,14 @@ send_vc(res_state statp,
---
> @@ -767,40 +855,14 @@ send_vc(res_state statp,
328a346
> -#if __GNUC_PREREQ (4, 7)
330a349
> -#endif
340a360
> -#if __GNUC_PREREQ (4, 7)
341a362
> -#endif
550a572
>

Comment by Sebastian Götte (jaseg) - Wednesday, 17 February 2016, 00:51 GMT

Can confirm this patch building and (for now) working on one pretty basic install (ssh, mosh, weechat on x86_64).

	Tasks related to this task (0)

Duplicate tasks of this task (1)
~~FS#48220 - [glibc] Please fix CVE-2015-7547 immediately~~

Arch Linux

FS#48213 - [glibc] bug, CVE2016-7547

Details

Loading...