oss-sec mailing list archives
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 29 Jan 2015 07:27:58 +0530
On 01/29/2015 03:17 AM, Florian Weimer wrote:
Use CVE-2012-6686 for "unbound alloca use in glob_in_dir" as covered by Red Hat Bugzilla ID 797096.Oh, it seems Huzaifa posted the wrong Bugzilla reference.
Yes, sorry wrong bz.
We still need assignment for this fix: <https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7> The matching Red Hat Bugzilla bug is: <https://bugzilla.redhat.com/show_bug.cgi?id=981942>
The above is the correct bug with the corresponding impact at: https://bugzilla.redhat.com/show_bug.cgi?id=1186614 MITRE, Can we still use the above CVE for this issue?
I haven't yet seen an upstream bug for it; this change happened before upstream required bugs being filed for all user-visible changes.
-- Huzaifa Sidhpurwala / Red Hat Product Security Team
Current thread:
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Marek Kroemeke (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Filip Palian (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 29)
- Please REJECT CVE-2012-6686 Florian Weimer (Feb 24)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Raphael Geissert (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Yves-Alexis Perez (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Sven Kieske (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)