CVE-2015-1781 in glibc

[Florian Weimer <fweimer () redhat com>]

Arjun Shankar of Red Hat discovered that the nss_dns code does not
adjust the buffer length when the buffer start pointer is aligned.  As a
result, a buffer overflow can occur in the implementation of functions
such as gethostbyname_r, and crafted DNS responses might cause
application crashes or result in arbitrary code execution.

This can only happen if these functions are called with a misaligned
buffer.  I looked at quite a bit of source code, and tested applications
with a patched glibc that logs misaligned buffers.  I did not observe
any such misaligned buffers.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=18287

Upstream commit:

https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386

-- 
Florian Weimer / Red Hat Product Security