Bug 1339960
| Summary: | CVE-2013-7423 glibc: getaddrinfo() sends DNS queries to random file descriptors [rhel-6.5.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Marcel Kolaja <mkolaja> |
| Component: | glibc | Assignee: | Florian Weimer <fweimer> |
| Status: | CLOSED ERRATA | QA Contact: | Václav Kadlčík <vkadlcik> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 6.5 | CC: | alanm, ashankar, bhubbard, bugproxy, chorn, codonell, fweimer, hannsj_uhl, mcermak, michael.moser, mnewsome, mpoole, mprpic, pandrade, pfrankli, rzaleski, sardella, spoyarek, vkadlcik |
| Target Milestone: | rc | Keywords: | SecurityTracking, ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | glibc-2.12-1.132.el6_5.8 | Doc Type: | Release Note |
| Doc Text: |
It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.
|
Story Points: | --- |
| Clone Of: | 1144019 | Environment: | |
| Last Closed: | 2016-06-07 05:38:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1144019 | ||
| Bug Blocks: | 1187109 | ||
|
Description
Marcel Kolaja
2016-05-26 09:15:57 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2016:1207 |