From: Haris Okanovic <haris.okanovic@ni.com>
To: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 2/2] glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
Date: Fri, 08 May 2015 10:50:03 -0500
Message-ID: <554CDB2B.2090607@ni.com>
In-Reply-To: <1431040791-6559-2-git-send-email-haris.okanovic@ni.com>
On 05/07/2015 06:19 PM, Haris Okanovic wrote:
> Backport Arjun Shankar's patch for CVE-2015-1781:
>
> A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
> other related functions computed the size of a buffer when passed a
> misaligned buffer as input. An attacker able to make an application call
> any of these functions with a misaligned buffer could use this flaw to
> crash the application or, potentially, execute arbitrary code with the
> permissions of the user running the application.
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=18287
>
> Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
> Signed-off-by: Ken Sharp <ken.sharp@ni.com>
> Reviewed-by: Rich Tollerton <rich.tollerton@ni.com>
> ---

Note that this patch is to apply to the Dizzy branch of
openembedded-core (glibc 2.20). It might cleanly apply to other branches
also using glibc 2.20, but I've only tested with Dizzy.

CVE-2015-1781 is fixed in glibc 2.22 and later.

Thanks,
Haris
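
The quoted commit message describes a buffer size that is computed wrongly when the caller passes a misaligned buffer. The following is an added example, not part of the original message and not glibc's code: it contrasts a length calculation that ignores alignment padding with one that charges the padding against the length. `struct record`, `align_pad`, `space_left_flawed`, `space_left_checked` and the sample buffer are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record a resolver-style function places at the start of the
   caller's scratch buffer; it contains pointers, so it must be aligned. */
struct record { char *aliases[4]; unsigned char addr[16]; };

/* Bytes needed to advance p to the next struct record boundary. */
static size_t align_pad(const char *p)
{
    return (size_t)(-(uintptr_t)p % _Alignof(struct record));
}

/* Flawed accounting: the start pointer is aligned, but the length still
   describes the unaligned buffer, so the space left for string data is
   overstated by the padding. Returns -1 if the record does not fit. */
long space_left_flawed(const char *buf, size_t buflen)
{
    buf += align_pad(buf);   /* start moves forward, buflen is not reduced */
    (void)buf;
    if (buflen < sizeof(struct record))
        return -1;
    return (long)(buflen - sizeof(struct record));
}

/* Corrected accounting: the padding is charged against the length first. */
long space_left_checked(const char *buf, size_t buflen)
{
    size_t pad = align_pad(buf);
    if (buflen < pad || buflen - pad < sizeof(struct record))
        return -1;
    return (long)(buflen - pad - sizeof(struct record));
}

/* Constructed sample buffer; the union forces an aligned base address. */
static union { struct record r; char bytes[128]; } backing;

int main(void)
{
    const char *odd = backing.bytes + 1;   /* deliberately misaligned */
    printf("flawed:  %ld\n", space_left_flawed(odd, 127));
    printf("checked: %ld\n", space_left_checked(odd, 127));
    return 0;
}
```

The difference between the two results is exactly the padding, which is the number of bytes a later write could run past the end of the caller's buffer.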