diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -7,6 +7,20 @@ using `glibc' in the "product" field. Version 2.22.1 +* A stack-based buffer overflow was found in libresolv when invoked from + libnss_dns, allowing specially crafted DNS responses to seize control + of execution flow in the DNS client. The buffer overflow occurs in + the functions send_dg (send datagram) and send_vc (send TCP) for the + NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC + family. The use of AF_UNSPEC triggers the low-level resolver code to + send out two parallel queries for A and AAAA. A mismanagement of the + buffers used for those queries could result in the response of a query + writing beyond the alloca allocated buffer created by + _nss_dns_gethostbyname4_r. Buffer management is simplified to remove + the overflow. Thanks to the Google Security Team and Red Hat for + reporting the security impact of this issue, and Robert Holiday of + Ciena for reporting the related bug 18665. (CVE-2015-7547) + * The following bugs are resolved with this release: 17905, 18420, 18421, 18480, 18589, 18743, 18778, 18781, 18787, 18796, |