[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fsuk-manchester] Fwd: [oss-security] CVE-2015-7547: stack-based buffer
From: |
Simon Ward |
Subject: |
[Fsuk-manchester] Fwd: [oss-security] CVE-2015-7547: stack-based buffer overflow in glibc's getaddrinfo function |
Date: |
Wed, 17 Feb 2016 12:14:43 +0000 |
User-agent: |
Kaiten Mail |
Mike asked me to send this to the list...
See message and links below from the oss-security mailing list. Buffer overflow
in the glibc resolver could allow a man-in-the-middle attacker, or possibly
someone controlling a malicious DNS server, to execute arbitrary code on the
system. Updates are available for at least Debian, Red Hat, SUSE, and Ubuntu.
Simon
-------- Original Message --------
From: Florian Weimer <address@hidden>
Sent: 16 February 2016 14:17:05 GMT+00:00
To: address@hidden
Subject: [oss-security] CVE-2015-7547: stack-based buffer overflow in glibc's
getaddrinfo function
Hi,
today, we are disclosing a vulnerability in the nss_dns backend for
getaddrinfo, related to handling dual A/AAAA queries:
The security impact of this issue was discovered roughly at the same
time by the Google Security Team and Red Hat.
Background information:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
Thanks,
Florian
--
Sent from Kaiten Mail. Please excuse my brevity.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Fsuk-manchester] Fwd: [oss-security] CVE-2015-7547: stack-based buffer overflow in glibc's getaddrinfo function,
Simon Ward <=