Bugzilla – Bug 916222
VUL-0: CVE-2015-1472 CVE-2015-1473: glibc,glibc.i686: heap buffer overflow in glibc swscanf
Last modified: 2019-05-01 16:42:00 UTC
stdio-common/vfscanf.c has an ADDW macro that tries to determine whether to use malloc or alloca for allocations. But in the malloc case, it only allocates newsize bytes instead of the required newsize * sizeof (CHAR_T). Test case for the bug is in the RH report.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1188235
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1472
http://seclists.org/oss-sec/2015/q1/404
bugbot adjusting priority
Bug also mentions CVE-2015-1473. From oss-sec:
From: cve-assign@...re.org
To: ppluzhnikov@...il.com
> The check with __libc_use_alloca also checks against the number of
> array entries to allocate rather than the number of bytes, so the
> function can allocate up to four times as many bytes as is libc policy
> on the stack in the wide character case.
Here, it seems that the goal of the policy is risk management for use of alloca. This is security relevant for some applications that use glibc, because it could (for example) allow a denial of service attack that's intended to trigger a failed alloca. There was one intended policy, and the incorrect "__libc_use_alloca (newsize)" caused a different (and weaker) policy to be enforced instead. Use CVE-2015-1473 for this risk-management error.
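The two sizing errors discussed above (the undersized heap request, CVE-2015-1472, and the stack-policy check made on entries instead of bytes, CVE-2015-1473), modelled as an added example that is not glibc's code and not part of the bug report. `STACK_BUDGET`, `struct plan`, `plan_flawed` and `plan_fixed` are hypothetical names, and the element size of 4 is an assumption matching the "four times" in the quoted message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stack budget in bytes; stands in for glibc's internal alloca
   policy, whose real limit is not given in this report. */
#define STACK_BUDGET 4096u

struct plan {
    int    use_heap;     /* 1 = heap allocation, 0 = stack (alloca) */
    size_t alloc_bytes;  /* bytes actually requested */
    size_t need_bytes;   /* bytes the nelem entries really occupy */
};

/* Sizing as the report describes the defect: the entry count is used where
   a byte count is required, in both the policy check and the heap request. */
struct plan plan_flawed(size_t nelem, size_t elem_size)
{
    struct plan p;
    p.need_bytes  = nelem * elem_size;
    p.use_heap    = nelem > STACK_BUDGET;              /* entries, not bytes */
    p.alloc_bytes = p.use_heap ? nelem : p.need_bytes; /* heap: too small */
    return p;
}

/* Corrected sizing: convert to bytes once, with an overflow check, and use
   that byte count everywhere. Returns -1 if the size cannot be represented. */
int plan_fixed(size_t nelem, size_t elem_size, struct plan *p)
{
    if (elem_size == 0 || nelem > SIZE_MAX / elem_size)
        return -1;
    p->need_bytes  = nelem * elem_size;
    p->use_heap    = p->need_bytes > STACK_BUDGET;
    p->alloc_bytes = p->need_bytes;
    return 0;
}

int main(void)
{
    struct plan a = plan_flawed(8192, 4), b = plan_flawed(4096, 4), c;
    printf("flawed heap: asks %zu, needs %zu\n", a.alloc_bytes, a.need_bytes);
    printf("flawed stack: %zu bytes, budget %u\n", b.alloc_bytes, STACK_BUDGET);
    if (plan_fixed(4096, 4, &c) == 0)
        printf("fixed: heap=%d, %zu bytes\n", c.use_heap, c.alloc_bytes);
    return 0;
}
```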
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
Can you please add this to your SLE 12 submit?
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-02-24. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60630
openSUSE-SU-2015:0351-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 906371,910599,915526,916222
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
openSUSE 13.2 (src): glibc-2.19-16.5.1, glibc-testsuite-2.19-16.5.2, glibc-utils-2.19-16.5.1
openSUSE 13.1 (src): glibc-2.18-4.25.1, glibc-testsuite-2.18-4.25.2, glibc-utils-2.18-4.25.1
I miss the i686 builds?! No update has arrived. Also, the announcement posting says to install
zypper in -t patch openSUSE-2015-173=1
If I execute the command:
'patch:openSUSE-2015-173 = 1' is already installed.
But
> rpm -q --changelog glibc | head
* Di Sep 02 2014 schwab@suse.de
- setlocale-directory-traversal.patch: Directory traversal in locale environment handling (CVE-2014-0475, bnc#887022, BZ #17137)
- disable-gconv-translit-modules.patch: Disable gconv transliteration module loading (CVE-2014-5119, bnc#892073, BZ #17187)
- iconv-ibm-sentinel-check.patch: Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, bnc#894553, BZ #17325)
So the last available update for glibc.i686 has been some time ago.
The problem is an incorrect _link in building. We will be reissuing the update with an i686 glibc for 13.1 in the coming days.
SLES11 did not have the problematic code for CVE-2015-1472 (it used the correct alloca() sizes). But it did use unbounded alloca(), so using the new upstream malloc/alloca thing is good (CVE-2015-1473).
*** Bug 920341 has been marked as a duplicate of this bug. ***
SUSE-SU-2015:0439-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 904461,906371,915526,916222,917072
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): glibc-2.11.3-17.82.11
SUSE Linux Enterprise Server 11 SP3 for VMware (src): glibc-2.11.3-17.82.11
SUSE Linux Enterprise Server 11 SP3 (src): glibc-2.11.3-17.82.11
SUSE Linux Enterprise Desktop 11 SP3 (src): glibc-2.11.3-17.82.11
SUSE-SU-2015:0526-1: An update that solves four vulnerabilities and has four fixes is now available.
Category: security (moderate)
Bug References: 864081,905313,906371,909053,910599,915526,915985,916222
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): glibc-2.19-20.3
SUSE Linux Enterprise Server 12 (src): glibc-2.19-20.3
SUSE Linux Enterprise Desktop 12 (src): glibc-2.19-20.3
Released all of them now, I think.
SUSE-SU-2015:0550-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 887022,906371,910599,916222,918233
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): glibc-2.4-31.117.1
SUSE-SU-2015:0551-1: An update that solves four vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 887022,906371,910599,915526,916222,918233
CVE References: CVE-2013-7423,CVE-2014-7817,CVE-2014-9402,CVE-2015-1472
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): glibc-2.11.3-17.45.59.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src): glibc-2.11.1-0.64.1
*** Bug 922243 has been marked as a duplicate of this bug. ***
CVE-2015-1473 (bad alloca size) actually only affected SUSE Linux Enterprise 12 and was fixed with the above-listed update. It does not affect older distributions.
This is an autogenerated message for OBS integration: This bug (916222) was mentioned in https://build.opensuse.org/request/show/315336 42 / glibc