Hide Forgot
Arjun Shankar of Red Hat discovered that gethostbyname_r and related functions compute the size of an input buffer incorrectly if the passed-in buffer is misaligned. This results in a buffer overflow.
Created attachment 999499 [details] resolver.patch Arjun's patch.
Acknowledgements: This issue was discovered by Arjun Shankar of Red Hat.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0863 https://rhn.redhat.com/errata/RHSA-2015-0863.html
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1214152]
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2199 https://rhn.redhat.com/errata/RHSA-2015-2199.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only Via RHSA-2015:2589 https://rhn.redhat.com/errata/RHSA-2015-2589.html
glibc-2.21-11.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.