1
PublicDateAtUSN: 2015-08-10
2
Candidate: CVE-2015-5180
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180
6
https://usn.ubuntu.com/usn/usn-3239-1
7
https://usn.ubuntu.com/usn/usn-3239-2
9
res_query in libresolv in glibc before 2.25 allows remote attackers to
10
cause a denial of service (NULL pointer dereference and process crash).
12
Florian Weimer discovered a NULL pointer dereference in the DNS
13
resolver of the GNU C Library. An attacker could use this to cause
16
tyhicks> See test case in the bug
17
tyhicks> no fix upstream as of 2016-09-09
18
sbeattie> patch committed upstream on 2016-12-31; renames symbol so
19
backporting may not be easy.
20
sbeattie> commit included in glibc 2.25 release
21
sbeattie> debian fixed this in unstable in 2.24-9
22
sbeattie> fixing this does indeed break the internal ABI between
23
libnss_dns and libresolv. We're backing out this change.
24
sbeattie> reverted from zesty in 2.24-9ubuntu2 by infinity.
25
sbeattie> For existing releases, DO NOT APPLY THIS PATCH due to ABI
26
breakage. Fix will come in to 17.10 when we get glibc-2.25 as we
27
do not guarantee ABI for libresolv internals across different
28
different glibc releases, just for upgrades for same versions
30
REPEAT: DO NOT APPLY THIS PATCH (UNMODIFIED) IN A STABLE RELEASE
32
https://sourceware.org/bugzilla/show_bug.cgi?id=18784
33
https://bugzilla.redhat.com/show_bug.cgi?id=1249603
34
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796106
35
https://bugs.launchpad.net/bugs/1674532
37
Discovered-by: Florian Weimer
41
upstream_eglibc: needed
42
precise_eglibc: ignored (reached end-of-life)
43
precise/esm_eglibc: needed
46
vivid/stable-phone-overlay_eglibc: DNE
47
vivid/ubuntu-core_eglibc: DNE
57
upstream: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5 (2.25)
58
upstream: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=b3b37f1a5559a7620e31c8053ed1b44f798f2b6d (2.24)
59
upstream_glibc: released (2.25)
61
precise/esm_glibc: DNE
63
vivid_glibc: ignored (reached end-of-life)
64
vivid/stable-phone-overlay_glibc: ignored (reached end-of-life)
65
vivid/ubuntu-core_glibc: ignored (reached end-of-life)
66
wily_glibc: ignored (reached end-of-life)
68
yakkety_glibc: ignored (reached end-of-life)
69
zesty_glibc: ignored (reached end-of-life)