Bug 1192525 (CVE-2015-8982)
| Field | Value |
|---|---|
| Summary | CVE-2015-8982 glibc: multiple overflows in strxfrm() |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED DEFERRED |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Vasyl Kaigorodov <vkaigoro> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | arjun.is, ashankar, codonell, fweimer, jakub, jrusnack, law, mnewsome, pfrankli, sardella |
| Keywords | Security |
| Fixed In Version | glibc 2.21 |
| Doc Type | Bug Fix |
| Last Closed | 2015-11-24 08:29:24 UTC |
| Bug Depends On | 1192527 |
| Bug Blocks | 1187112, 1192526 |

Description
Vasyl Kaigorodov
2015-02-13 15:50:53 UTC
Created attachment 991416: strxfrm-alloca.c
Created attachment 991417: strxfrm-int32.c

Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1192527]

Actual upstream commit:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed

One of the integer overflows (or a precursor to it) was introduced into strxfrm in this commit:

    commit 450bf66ef223ad83e7032920652445817865770b
    Author: Ulrich Drepper <drepper>
    Date: Sat Dec 25 23:41:39 1999 +0000

    …
    * string/strxfrm.c: Complete rewrite for new collate implementation.

strxfrm is not widely used (although it is referenced by Firefox and PostgreSQL); use of strxfrm_l is even rarer.

CVE request via:

http://openwall.com/lists/oss-security/2015/09/08/2

CVE assignment:

http://seclists.org/oss-sec/2017/q1/437