Bug 1256285 - (CVE-2015-5229) CVE-2015-5229 glibc: calloc may return non-zero memory
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Red Hat Product Security
impact=low,public=20150821,reported=2...
: Reopened, Security
Depends On: 1244002 1246713 1293976 1294080 1296453
Blocks: 1256291 1293533
Reported: 2015-08-24 05:46 EDT by Florian Weimer
Modified: 2016-08-30 18:45 EDT (History)

Doc Type: Bug Fix
Doc Text:
It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes.
Last Closed: 2016-02-16 11:58:54 EST
Description Florian Weimer 2015-08-24 05:46:16 EDT
It was discovered that the calloc implementation in glibc, as shipped in the Red Hat Enterprise Linux 6.7 GA and 7.2 GA versions, could return memory areas which contain non-zero bytes. This could lead to application misbehavior such as hangs or crashes.
Comment 1 Florian Weimer 2015-08-24 05:50:51 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHBA-2015:1465 https://rhn.redhat.com/errata/RHBA-2015-1465.html
Comment 2 Florian Weimer 2015-08-24 05:51:35 EDT
Fixed glibc packages for Red Hat Enterprise Linux 6.7 were available at GA time, but are not included in the installation media.
Comment 3 Martin Prpič 2016-01-07 04:59:06 EST
This issue was found to also affect Red Hat Enterprise Linux 7.2. This issue does not affect Red Hat Enterprise Linux 7.0 or 7.1.
Comment 8 Martin Prpič 2016-02-15 07:18:05 EST
Acknowledgements:

Red Hat would like to thank Jeff Layton for reporting this issue.
Comment 9 errata-xmlrpc 2016-02-16 10:41:18 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0176 https://rhn.redhat.com/errata/RHSA-2016-0176.html
