Bug 1197730 (CVE-2015-8984)
| Field | Value |
|---|---|
| Summary | CVE-2015-8984 glibc: potential denial of service in internal_fnmatch() |
| Product | [Other] Security Response |
| Component | vulnerability |
| Version | unspecified |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | low |
| Hardware | All |
| OS | Linux |
| Reporter | Vasyl Kaigorodov <vkaigoro> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | arjun.is, ashankar, codonell, fweimer, jakub, law, mnewsome, msebor, pfrankli |
| Keywords | Security |
| Fixed In Version | glibc 2.22 |
| Doc Type | Bug Fix |
| Doc Text | A flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application. |
| Last Closed | 2015-11-24 08:28:01 UTC |
| Bug Depends On | 1197732, 1209107 |
| Bug Blocks | 1187112, 1197731, 1210268 |

Description
Vasyl Kaigorodov
2015-03-02 13:51:43 UTC
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1197732]

There are two other related bugs in fnmatch that have been fixed upstream and that need to be backported if 18032 is to be because the test in 18032 depends on those fixes:
http://sourceware.org/bugzilla/show_bug.cgi?id=17062
and
http://sourceware.org/bugzilla/show_bug.cgi?id=18036

(In reply to Martin Sebor from comment #3)
> There are two other related bugs in fnmatch that have been fixed upstream
> and that need to be backported if 18032 is to be because the test in 18032
> depends on those fixes:
> http://sourceware.org/bugzilla/show_bug.cgi?id=17062
> and
> http://sourceware.org/bugzilla/show_bug.cgi?id=18036

Both of those look good to me.

CVE request via: http://openwall.com/lists/oss-security/2015/09/08/2

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:2199 https://rhn.redhat.com/errata/RHSA-2015-2199.html

CVE assignment: http://seclists.org/oss-sec/2017/q1/437