]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: aa2e02a) | patch
glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
authorHaris Okanovic <haris.okanovic@ni.com>
Fri, 15 May 2015 21:57:11 +0000 (16:57 -0500)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 16 May 2015 21:37:21 +0000 (22:37 +0100)
commitc0f0b6e6ef1edc0a9f9e1ceffb1cdbbef2e409c6
treeace3396f4523421002f79e6cf5e8f0e1985a90bftree | snapshot
parentaa2e02a4f78d87bd466bbf92ca57147066c5367fcommit | diff
glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow

Backport Arjun Shankar's patch for CVE-2015-1781:

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
other related functions computed the size of a buffer when passed a
misaligned buffer as input. An attacker able to make an application call
any of these functions with a misaligned buffer could use this flaw to
crash the application or, potentially, execute arbitrary code with the
permissions of the user running the application.

https://sourceware.org/bugzilla/show_bug.cgi?id=18287

Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Reviewed-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch [new file with mode: 0644] blob
meta/recipes-core/glibc/glibc_2.21.bb diff | blob | history
Mirror of the official openembedded-core repository