OpenSuSE has issued an advisory today (December 24):
http://lists.opensuse.org/opensuse-updates/2015-12/msg00106.html

Thomas already included the patch for this in Cauldron.

All details are on the SuSE bug:
https://bugzilla.suse.com/show_bug.cgi?id=950944

This is a minor issue, so you could queue the fix for this for a future update.
URL: (none) => http://lwn.net/Vulnerabilities/669159/
glibc 2.23 fixes this issue and four others. CVE request: http://openwall.com/lists/oss-security/2016/01/19/11
CVE assignments have been made here:
http://openwall.com/lists/oss-security/2016/01/20/1

There seems to be a difference of opinion as to what constitutes a security vulnerability in glibc. Interesting. Anyway, it sounds like probably none of these are serious.

CVE assignments are:
BZ #18985 - CVE-2015-8776
BZ #18928 - CVE-2015-8777
BZ #18240 - CVE-2015-8778
BZ #16962 - CVE-2014-9761
BZ #17905 - CVE-2015-8779
Summary: glibc new security issue fixed upstream in 2.23 [BZ #18928] => glibc new security issues fixed upstream in 2.23
LWN reference for some of the new CVEs: http://lwn.net/Vulnerabilities/674835/ Debian-LTS has issued an advisory for this on February 5: http://lwn.net/Alerts/674800/
RedHat has issued an advisory today (February 16):
https://rhn.redhat.com/errata/RHSA-2016-0176.html

CVE-2015-7547 is critical and likely affects us.

CVE-2015-5229 is low severity and may not affect us, I'm not sure.
Summary: glibc new security issues fixed upstream in 2.23 => glibc new security issues fixed upstream in 2.23 and more
Severity: normal => critical
Debian has issued an advisory for some of these CVEs today (February 16): https://lists.debian.org/debian-security-announce/2016/msg00051.html https://www.debian.org/security/2016/dsa-3481
LWN reference for CVE-2015-7547: http://lwn.net/Vulnerabilities/675830/
From the Google blog post, PoC for CVE-2015-7547: https://github.com/fjserna/CVE-2015-7547
OpenSuSE has issued an advisory for several CVEs today (February 17): http://lists.opensuse.org/opensuse-updates/2016-02/msg00103.html
LWN reference for CVE-2015-5229: http://lwn.net/Vulnerabilities/676082/
CC: (none) => eeeemail
What about this one? Is someone working on it?
CC: (none) => mageia
(In reply to Nicolas Lécureuil from comment #10)
> what about this one ? is someone working on it ?

Seems it has been fixed for Cauldron already via
http://svnweb.mageia.org/packages?view=revision&revision=966898

And well, nobody changed the bug into ASSIGNED state, so probably no one is working on it for mga5, I'd guess.

But we should really get a fix out at the very least for CVE-2015-7547 urgently. Although it's probably not a good idea to hastily update to 2.23 IMHO.

Upstream fix from 2.21 branch doesn't apply cleanly:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=16d0a0ce7613552301786bf05d7eba8784b5732c

But FWIW, seems someone already rediffed the upstream patch for glibc 2.20:
https://gist.github.com/sstiller/d277b77a3b60805f9d7b
CC: (none) => doktor5000
Work is in progress
Status: NEW => ASSIGNED
CVE-2015-5229 is RH feature backport specific, so not for us

Advisory:

Updated glibc fixes the following security issues:

A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code (CVE-2014-9761).

A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (CVE-2015-7547).

Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (CVE-2015-8776).

Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (CVE-2015-8777).

Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (CVE-2015-8778).

A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially, execute arbitrary code (CVE-2015-8779).

SRPM:
glibc-2.20-21.mga5.src.rpm

i586:
glibc-2.20-21.mga5.i586.rpm
glibc-devel-2.20-21.mga5.i586.rpm
glibc-doc-2.20-21.mga5.noarch.rpm
glibc-i18ndata-2.20-21.mga5.i586.rpm
glibc-profile-2.20-21.mga5.i586.rpm
glibc-static-devel-2.20-21.mga5.i586.rpm
glibc-utils-2.20-21.mga5.i586.rpm
nscd-2.20-21.mga5.i586.rpm

x86_64:
glibc-2.20-21.mga5.x86_64.rpm
glibc-devel-2.20-21.mga5.x86_64.rpm
glibc-doc-2.20-21.mga5.noarch.rpm
glibc-i18ndata-2.20-21.mga5.x86_64.rpm
glibc-profile-2.20-21.mga5.x86_64.rpm
glibc-static-devel-2.20-21.mga5.x86_64.rpm
glibc-utils-2.20-21.mga5.x86_64.rpm
nscd-2.20-21.mga5.x86_64.rpm
Hardware: i586 => All
Assignee: tmb => qa-bugs
Updated system to latest, then installed:
glibc-2.20-21.mga5.i586.rpm
nscd-2.20-21.mga5.i586.rpm

Rebooted, no issues noted.
CC: (none) => westel
Tested mga5 64

Installed updates, rebooted. Checked the interwebs.

Confirmed patches applied, line 330 - 343 & 577-584.
http://svnweb.mageia.org/packages/updates/5/glibc/current/SPECS/glibc.spec?view=markup&pathrev=967476

Validating. Will upload advisory shortly.
Whiteboard: (none) => has_procedure mga5-32-ok mga5-64-ok
Tested mga5_64, Testing complete for new glibc-2.20-21.mga5, all seems to work properly here too.
CC: (none) => geiger.david68210
Advisory uploaded.
Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure advisory mga5-32-ok mga5-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0079.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Just to have this on record - 3 hours from building to testing and release. Thanks everybody for availing your time to this priority update.