Bug 1300299 – CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime()

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1300299 - (CVE-2015-8776) CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime()

Summary:	CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data t...

Status:	NEW

Aliases:	CVE-2015-8776

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20150920,repor...
Keywords:	Security

Depends On:	1300300 1358011 1374658
Blocks:	1300316 1386080 1415638
	Show dependency tree / graph

Reported:	2016-01-20 07:42 EST by Adam Mariš
Modified:	2017-08-01 14:12 EDT (History)
CC List:	22 users (show)

See Also:
Fixed In Version:	glibc 2.23
Doc Type:	Bug Fix
Doc Text:	It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Sourceware	18985	None	None	None	2016-01-20 07:52 EST
Red Hat Product Errata	RHSA-2017:0680	normal	SHIPPED_LIVE	Moderate: glibc security and bug fix update	2017-03-21 08:36:34 EDT
Red Hat Product Errata	RHSA-2017:1916	normal	SHIPPED_LIVE	Moderate: glibc security, bug fix, and enhancement update	2017-08-01 14:05:43 EDT

Groups: None (edit)

Description Adam Mariš 2016-01-20 07:42:55 EST

It was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=18985

CVE assignment:

http://seclists.org/oss-sec/2016/q1/153

Comment 1 Adam Mariš 2016-01-20 07:45:19 EST

Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1300300]

Comment 2 Huzaifa S. Sidhpurwala 2016-01-21 02:52:30 EST

Upstream commit at:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7

Comment 3 Huzaifa S. Sidhpurwala 2016-01-22 01:14:04 EST

Public reproducer available at:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blob_plain;f=time/tst-strftime.c;h=af3ff72faf9588126fb269b0e9080357c32b5fcb;hb=d36c75fc0d44deec29635dd239b0fbd206ca49b7

Comment 6 Martin Prpič 2016-07-07 03:56:39 EDT

Mitigation:

Check time values before they are passed to strftime, or call strftime only with struct tm values computed by gmtime or localtime.

Comment 8 errata-xmlrpc 2017-03-21 06:35:11 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:0680 https://rhn.redhat.com/errata/RHSA-2017-0680.html

Comment 10 errata-xmlrpc 2017-08-01 14:12:47 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1916 https://access.redhat.com/errata/RHSA-2017:1916

Note You need to log in before you can comment on or make changes to this bug.

aavati
arjun.is
ashankar
codonell
fweimer
jakub
jwalter
law
mfabian
mnewsome
nlevinki
pfrankli
rfortier
rhs-bugs
sardella
sgirijan
sid
slawomir
smohan
ssaha
vbellur
yozone