Bug 1209105 (CVE-2015-1473)
Summary: | CVE-2015-1473 glibc: Stack-overflow in glibc swscanf | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | arjun.is, ashankar, codonell, fweimer, jakub, jrusnack, law, msebor, pfrankli, slawomir, spoyarek |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-20 05:54:22 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1209106, 1209107 | ||
Bug Blocks: | 1188240, 1210268, 1262918 |
Description
Huzaifa S. Sidhpurwala
2015-04-06 06:55:10 UTC
This report is a duplicate of bug 1188235 - (CVE-2015-1472) CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf. (In reply to Martin Sebor from comment #2) > This report is a duplicate of bug 1188235 - (CVE-2015-1472) CVE-2015-1472 > glibc: heap buffer overflow in glibc swscanf. Not as per debian, see difference between: https://security-tracker.debian.org/tracker/CVE-2015-1472 and https://security-tracker.debian.org/tracker/CVE-2015-1473 (In reply to Huzaifa S. Sidhpurwala from comment #3) > Not as per debian, see difference between: > > https://security-tracker.debian.org/tracker/CVE-2015-1472 and > https://security-tracker.debian.org/tracker/CVE-2015-1473 Sorry, I don't see it. The upstream bug and fix are the same in both: Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618 Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 Statement: This issue does not affect the version of glibc package as shipped with Red Hat Enterprise Linux 5 and 6. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2199 https://rhn.redhat.com/errata/RHSA-2015-2199.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only Via RHSA-2015:2589 https://rhn.redhat.com/errata/RHSA-2015-2589.html |