[manjaro-security] [arch-security] [ASA-201602-15] lib32-glibc: multiple issues

Levente Polyak anthraxx at archlinux.org
Wed Feb 17 18:17:12 CET 2016


Arch Linux Security Advisory ASA-201602-15
==========================================

Severity: Critical
Date    : 2016-02-17
CVE-ID  : CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778
          CVE-2015-8779
Package : lib32-glibc
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package lib32-glibc before version 2.22-4 is vulnerable to multiple
issues including but not limited to arbitrary code execution,
information disclosure and denial of service.
It is advised to restart all services that may perform DNS lookups.

Resolution
==========

Upgrade to 2.22-4.

# pacman -Syu "lib32-glibc>=2.22-4"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2015-7547 (arbitrary code execution)

A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from
the nss_dns NSS service module.

- CVE-2015-8776 (information disclosure)

It was found that out-of-range time values passed to the strftime
function may cause it to crash, leading to a denial of service, or
potentially disclose information.

- CVE-2015-8777 (restriction bypass)

LD_POINTER_GUARD is an environment variable which controls
security-related behavior, but it was not ignored for privileged
binaries (in AT_SECURE mode). This might allow local attackers (who can
supply the environment variable) to bypass intended security
restrictions.

- CVE-2015-8778 (arbitrary code execution)

An integer overflow was found in hcreate and hcreate_r which can result
in an out-of-bounds memory access. This could lead to application
crashes or, potentially, arbitrary code execution.

- CVE-2015-8779 (arbitrary code execution)

A stack overflow (unbounded alloca) in the catopen function can cause
applications which pass long strings to the catopen function to crash
or, potentially, execute arbitrary code.

Impact
======

A remote attacker is able to execute arbitrary code, potentially
disclose sensitive information or perform a denial of service attack
via multiple vectors.

References
==========

https://access.redhat.com/security/cve/CVE-2015-7547
https://access.redhat.com/security/cve/CVE-2015-8776
https://access.redhat.com/security/cve/CVE-2015-8777
https://access.redhat.com/security/cve/CVE-2015-8778
https://access.redhat.com/security/cve/CVE-2015-8779
http://seclists.org/oss-sec/2016/q1/153
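
The Summary advises restarting all services that may perform DNS lookups. The following is an added example, not part of the original advisory: it lists processes that still map a glibc object which the upgrade replaced on disk. The function names, the `scan` argument and the sample paths and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map a
# glibc object replaced on disk by the upgrade, i.e. services to restart.

# Read /proc/<pid>/maps-format text on stdin; print each glibc-family object
# (libc, libresolv, libnss_dns) that is mapped but deleted on disk. The kernel
# appends " (deleted)" to a mapping whose backing file has been unlinked.
stale_glibc_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/lib(c|resolv|nss_dns)[-.][^/]*$" {
             if (!seen[$(NF-1)]++) print $(NF-1)
         }'
}

# Walk every process; print "pid<TAB>comm<TAB>stale objects". Run as root to
# see all processes; unreadable or vanished entries are skipped.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        hits=$(cat "$maps" 2>/dev/null | stale_glibc_maps | tr '\n' ' ')
        [ -n "$hits" ] || continue
        printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$hits"
    done
}

# Constructed sample of a 32-bit process's maps after the upgrade (paths,
# inode numbers and addresses are made up for illustration).
sample_maps() {
    cat <<'EOF'
f7d1a000-f7ec7000 r-xp 00000000 08:01 1234 /usr/lib32/libc-2.22.so (deleted)
f7ec7000-f7ec9000 r--p 001ad000 08:01 1234 /usr/lib32/libc-2.22.so (deleted)
f7f00000-f7f12000 r-xp 00000000 08:01 1240 /usr/lib32/libresolv-2.22.so (deleted)
f7f20000-f7f40000 r-xp 00000000 08:01 1300 /usr/lib32/libcrypt-2.22.so (deleted)
f7f50000-f7f60000 r-xp 00000000 08:01 1400 /usr/lib32/libnss_dns-2.22.so
ffd00000-ffd21000 rw-p 00000000 00:00 0 [stack]
EOF
}

# "scan" inspects the live system; anything else runs on the sample above.
case "${1:-}" in
    scan) scan_procs ;;
    *)    sample_maps | stale_glibc_maps ;;
esac
```

Run it with the `scan` argument as root after the upgrade; every process it lists is still executing the old library code until it is restarted.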
