Bugzilla – Bug 847227
VUL-0: CVE-2013-4458: glibc: Stack (frame) overflow in getaddrinfo() when called with AF_INET6
Last modified: 2017-06-22 10:10:13 UTC
CVE-2013-4458

A stack (frame) overflow flaw, which led to a denial of service, was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6.

References:
https://sourceware.org/bugzilla/show_bug.cgi?id=16072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4458
https://bugzilla.redhat.com/show_bug.cgi?id=1022280
http://comments.gmane.org/gmane.comp.security.oss.general/11358
bugbot adjusting priority
This is an autogenerated message for OBS integration:
This bug (847227) was mentioned in
https://build.opensuse.org/request/show/205248 Factory / glibc

Update released for: glibc, glibc-64bit, glibc-debuginfo, glibc-debuginfo-64bit, glibc-debugsource, glibc-devel, glibc-devel-64bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-64bit, glibc-obsolete, glibc-profile, glibc-profile-64bit, nscd
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)

SUSE-SU-2014:0760-1: An update that solves two vulnerabilities and has four fixes is now available.
Category: security (low)
Bug References: 836746,844309,847227,854445,863499,872832
CVE References: CVE-2013-4357,CVE-2013-4458
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): glibc-2.11.3-17.62.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): glibc-2.11.3-17.62.1
SUSE Linux Enterprise Server 11 SP3 (src): glibc-2.11.3-17.62.1
SUSE Linux Enterprise Desktop 11 SP3 (src): glibc-2.11.3-17.62.1
Looks like all updates are released.
Also applicable to SLES 10.
How to reproduce this issue:

#> seq 1 50000 | while read; do echo "127.0.0.1 test-entry" >> /etc/hosts; done
#> seq 1 50000 | while read; do echo "::1 test-entry" >> /etc/hosts; done

------------
#include <stdio.h>
#include <netdb.h>

int main(void)
{
    struct addrinfo* result;
    int error;

    error = getaddrinfo("test-entry", NULL, NULL, &result);
    return error;
}
------------

#> gcc -Wall -o CVE-2013-4458-reproducer CVE-2013-4458-reproducer.c
#> ./CVE-2013-4458-reproducer
Segmentation fault
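A read-only check for the condition the reproducer above creates, a single name carrying a very large number of address lines in a hosts file. This is an added example, not part of the original comment; the function names and the default threshold of 1000 are assumptions, not values from the bug report.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a hosts file for names that
# map to an unusually large number of addresses.

# count_host_entries FILE
#   Prints one line per name: "<name> <ipv4_lines> <ipv6_lines>", sorted.
count_host_entries() {
    awk '
        { sub(/#.*/, "") }              # strip comments
        NF < 2 { next }                 # need an address and at least one name
        {
            v6 = (index($1, ":") > 0)   # an address containing ":" is IPv6
            for (i = 2; i <= NF; i++) { # canonical name and every alias
                name = tolower($i)
                seen[name] = 1
                if (v6) n6[name]++; else n4[name]++
            }
        }
        END {
            for (name in seen)
                printf "%s %d %d\n", name, n4[name], n6[name]
        }
    ' "$1" | sort
}

# flag_heavy_names FILE LIMIT
#   Prints every name whose total address count exceeds LIMIT.
#   LIMIT is a review threshold chosen by the operator (assumption).
flag_heavy_names() {
    count_host_entries "$1" | awk -v limit="$2" '$2 + $3 > limit { print $1 }'
}

# Optional command-line use: ./script /etc/hosts [limit]
if [ "$#" -ge 1 ]; then
    flag_heavy_names "$1" "${2:-1000}"
fi
```

Names printed by flag_heavy_names are the ones to review before running resolver-dependent services on an unpatched glibc.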
SUSE-SU-2016:0470-1: An update that solves 10 vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 830257,847227,863499,892065,918187,920338,927080,945779,950944,961721,962736,962737,962738,962739
CVE References: CVE-2013-2207,CVE-2013-4458,CVE-2014-8121,CVE-2014-9761,CVE-2015-1781,CVE-2015-7547,CVE-2015-8776,CVE-2015-8777,CVE-2015-8778,CVE-2015-8779
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src): glibc-2.11.3-17.45.66.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src): glibc-2.11.3-17.45.66.1
close