Bug 1144019
| Summary: | CVE-2013-7423 glibc: getaddrinfo() sends DNS queries to random file descriptors [rhel-6.7] | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Russ Zaleski <rzaleski> | ||||||||||
| Component: | glibc | Assignee: | Carlos O'Donell <codonell> | ||||||||||
| Status: | CLOSED ERRATA | QA Contact: | Arjun Shankar <ashankar> | ||||||||||
| Severity: | high | Docs Contact: | |||||||||||
| Priority: | urgent | ||||||||||||
| Version: | 6.5 | CC: | alanm, ashankar, bhubbard, bugproxy, codonell, fweimer, hannsj_uhl, mcermak, michael.moser, mpoole, mprpic, pandrade, pfrankli, rzaleski, sardella, spoyarek | ||||||||||
| Target Milestone: | rc | Keywords: | ZStream | ||||||||||
| Target Release: | 6.7 | ||||||||||||
| Hardware: | All | ||||||||||||
| OS: | Linux | ||||||||||||
| Whiteboard: | GSSApproved | ||||||||||||
| Fixed In Version: | glibc-2.12-1.158.el6 | Doc Type: | Bug Fix | ||||||||||
| Doc Text: |
NO PUBLIC DOC TEXT.
|
Story Points: | --- | ||||||||||
| Clone Of: | |||||||||||||
| : | 1339960 1339962 (view as bug list) | Environment: | |||||||||||
| Last Closed: | 2015-07-22 06:14:36 UTC | Type: | Bug | ||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||
| Documentation: | --- | CRM: | |||||||||||
| Verified Versions: | Category: | --- | |||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
| Embargoed: | |||||||||||||
| Bug Depends On: | |||||||||||||
| Bug Blocks: | 1113597, 1187109, 1339960, 1339962 | ||||||||||||
| Attachments: |
|
||||||||||||
|
Description
Russ Zaleski
2014-09-18 13:09:29 UTC
*** Bug 1148326 has been marked as a duplicate of this bug. *** Created attachment 943410 [details]
Provided bug verification
default comment by bridge
The present plan is to consider this for RHEL 6.7, and consider its inclusion into an asynchronous update to help RHEL 6.6 customers. We will keep you updated as our planning and development continues. ------- Comment From timkoh.com 2014-10-07 08:43 EDT------- Hello, Thank you for your reply. I have done some further investigation regarding the glibc issue and have been spending time trying to reproduce the issue on different versions of RHEL. I noticed that this bug is not reproducible in RHEL 6.6 Beta snapshot 5 and RHEL 7 GA. Below are some of the reproduction results I have compiled: - Reproduced bug on RHEL 6.3 with glibc-2.12-1.132 - Could not reproduce on RHEL 6.6 Beta snapshot 5 with glibc-2.12-1.149 - Could not reproduce on RHEL 7 GA with glibc-2.17-55 We have 2 customers that are on RHEL 6.3 and 6.5 which are blocked by this issue. I would like to verify with Red Hat if there has been any updates to glibc that occurred some time between glibc-2.12-1.132 and glibc-2.12-1.149 to resolve this issue and if it's possible to narrow down which update addressed this issue. Is there a particular version of glibc that the customers can upgrade to that can resolve this issue from their current RHEL 6.3 or 6.5 distribution? I believe glibc-2.12-1.132 is the current highest available version for RHEL 6.3. Below is the link to the glibc fix for this glibc bug for this issue and also the diff for the 1 line fix to resolve the issue. https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=f9d2d03254a58d92635a311a42253eeed5a40a47 It may be useful for identifying the fix in the RHEL source code or applying the fix if it does not exist. (In reply to IBM Bug Proxy from comment #8) > ------- Comment From timkoh.com 2014-10-07 08:43 EDT------- > Hello, > Thank you for your reply. > > I have done some further investigation regarding the glibc issue and have > been spending time trying to reproduce the issue on different versions of > RHEL. > I noticed that this bug is not reproducible in RHEL 6.6 Beta snapshot 5 and > RHEL 7 GA. > > Below are some of the reproduction results I have compiled: > - Reproduced bug on RHEL 6.3 with glibc-2.12-1.132 > - Could not reproduce on RHEL 6.6 Beta snapshot 5 with glibc-2.12-1.149 > - Could not reproduce on RHEL 7 GA with glibc-2.17-55 > > We have 2 customers that are on RHEL 6.3 and 6.5 which are blocked by this > issue. > > I would like to verify with Red Hat if there has been any updates to glibc > that occurred some time between glibc-2.12-1.132 and glibc-2.12-1.149 to > resolve this issue and if it's possible to narrow down which update > addressed this issue. Is there a particular version of glibc that the > customers can upgrade to that can resolve this issue from their current RHEL > 6.3 or 6.5 distribution? I believe glibc-2.12-1.132 is the current highest > available version for RHEL 6.3. > > Below is the link to the glibc fix for this glibc bug for this issue and > also the diff for the 1 line fix to resolve the issue. > https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit; > h=f9d2d03254a58d92635a311a42253eeed5a40a47 > > It may be useful for identifying the fix in the RHEL source code or applying > the fix if it does not exist. . for the records ... the mentioned reproducer is attached in RHBZ 1148326 in comment #2 ... Created attachment 987651 [details]
Reproduces the bug described. Build and run by using: gcc -o bug bug.c -lpthread && ./bug
This is now fixed in rhel-6.7. Please keep in mind that we have fixed the *known* issue, but there may be other *unknown* failures still present that are not related. There have been reports of users still being able to reproduce the failure mode after the patch, but we will handle that as a distinct bug, tracking these failures down one-by-one until we have none left. Therefore please bear with me if you find the issue still reproducible on your particular configuration. As with all race cases it is difficult to trigger reliably and track down. ------- Comment From timkoh.com 2015-02-20 06:01 EDT------- Thank you for the update. This ticket may be closed. *** Bug 1207996 has been marked as a duplicate of this bug. *** Created attachment 1028107 [details]
bug-fixed reproducer.
The original bug.c code had a couple of bugs which could cause false-positives.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1286.html |