Bug 1197730 (CVE-2015-8984)

Summary: CVE-2015-8984 glibc: potential denial of service in internal_fnmatch()
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerability Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecified CC: arjun.is, ashankar, codonell, fweimer, jakub, law, mnewsome, msebor, pfrankli
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: glibc 2.22 Doc Type: Bug Fix
Doc Text:
A flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application.
Last Closed: 2015-11-24 08:28:01 UTC Type: ---
Bug Depends On: 1197732, 1209107    
Bug Blocks: 1187112, 1197731, 1210268    

Description Vasyl Kaigorodov 2015-03-02 13:51:43 UTC
It was reported [1] that when processing certain malformed patterns, fnmatch can skip over the NUL byte terminating the pattern.  This can potentially result in an application crash if fnmatch hits an unmapped page before encountering a NUL byte.

Upstream bug report:
https://sourceware.org/bugzilla/show_bug.cgi?id=18032

The fix is here:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185

[1]: http://seclists.org/oss-sec/2015/q1/689

Comment 1 Vasyl Kaigorodov 2015-03-02 13:53:14 UTC
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1197732]

Comment 3 Martin Sebor 2015-05-29 22:45:10 UTC
There are two other related bugs in fnmatch that have been fixed upstream and that need to be backported if 18032 is to be because the test in 18032 depends on those fixes: 
http://sourceware.org/bugzilla/show_bug.cgi?id=17062
and
http://sourceware.org/bugzilla/show_bug.cgi?id=18036

Comment 4 Carlos O'Donell 2015-06-03 04:28:56 UTC
(In reply to Martin Sebor from comment #3)
> There are two other related bugs in fnmatch that have been fixed upstream
> and that need to be backported if 18032 is to be because the test in 18032
> depends on those fixes: 
> http://sourceware.org/bugzilla/show_bug.cgi?id=17062
> and
> http://sourceware.org/bugzilla/show_bug.cgi?id=18036

Both of those look good to me.

Comment 5 Huzaifa S. Sidhpurwala 2015-09-08 07:24:34 UTC
CVE request via:

http://openwall.com/lists/oss-security/2015/09/08/2

Comment 7 errata-xmlrpc 2015-11-19 04:16:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2199 https://rhn.redhat.com/errata/RHSA-2015-2199.html

Comment 8 Andrej Nemec 2017-02-15 09:10:43 UTC
CVE assignment:

http://seclists.org/oss-sec/2017/q1/437