962736 – (CVE-2015-8776) VUL-1: CVE-2015-8776: glibc: Passing out of range data to strftime() causes a segfault

Bug 962736 (CVE-2015-8776) - VUL-1: CVE-2015-8776: glibc: Passing out of range data to strftime() causes a segfault

Summary: VUL-1: CVE-2015-8776: glibc: Passing out of range data to strftime() causes a...

Status:	RESOLVED FIXED

Alias:	CVE-2015-8776

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Andreas Schwab
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv3:RedHat:CVE-2015-8776:6.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-01-20 10:20 UTC by Johannes Segitz
Modified:	2020-01-20 09:22 UTC (History)
CC List:	0 users

See Also:	https://sourceware.org/bugzilla/show_bug.cgi?id=18985
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-01-20 10:20:46 UTC

Passing out of range data to strftime() causes a segfault
https://sourceware.org/bugzilla/show_bug.cgi?id=18985

Out-of-range time values passed to the strftime function may cause it to
crash, leading to a denial of service, or potentially disclosure
information.

Comment 1 Swamp Workflow Management 2016-01-20 23:00:14 UTC

bugbot adjusting priority

Comment 8 Swamp Workflow Management 2016-02-16 19:18:21 UTC

SUSE-SU-2016:0470-1: An update that solves 10 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 830257,847227,863499,892065,918187,920338,927080,945779,950944,961721,962736,962737,962738,962739
CVE References: CVE-2013-2207,CVE-2013-4458,CVE-2014-8121,CVE-2014-9761,CVE-2015-1781,CVE-2015-7547,CVE-2015-8776,CVE-2015-8777,CVE-2015-8778,CVE-2015-8779
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    glibc-2.11.3-17.45.66.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    glibc-2.11.3-17.45.66.1

Comment 9 Swamp Workflow Management 2016-02-16 19:24:02 UTC

SUSE-SU-2016:0471-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 950944,955647,956716,958315,961721,962736,962737,962738,962739
CVE References: CVE-2014-9761,CVE-2015-7547,CVE-2015-8776,CVE-2015-8777,CVE-2015-8778,CVE-2015-8779
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    glibc-2.19-35.1
SUSE Linux Enterprise Server 12-SP1 (src):    glibc-2.19-35.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    glibc-2.19-35.1

Comment 10 Swamp Workflow Management 2016-02-16 19:29:57 UTC

SUSE-SU-2016:0472-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 930721,942317,950944,956988,961721,962736,962737,962738,962739
CVE References: CVE-2014-9761,CVE-2015-7547,CVE-2015-8776,CVE-2015-8777,CVE-2015-8778,CVE-2015-8779
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    glibc-2.11.3-17.95.2
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    glibc-2.11.3-17.95.2
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    glibc-2.11.3-17.95.2
SUSE Linux Enterprise Server 11-SP4 (src):    glibc-2.11.3-17.95.2
SUSE Linux Enterprise Server 11-SP3 (src):    glibc-2.11.3-17.95.2
SUSE Linux Enterprise Desktop 11-SP4 (src):    glibc-2.11.3-17.95.2
SUSE Linux Enterprise Desktop 11-SP3 (src):    glibc-2.11.3-17.95.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    glibc-2.11.3-17.95.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    glibc-2.11.3-17.95.2

Comment 11 Swamp Workflow Management 2016-02-16 19:31:44 UTC

SUSE-SU-2016:0473-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 950944,955647,956716,958315,961721,962736,962737,962738,962739
CVE References: CVE-2014-9761,CVE-2015-7547,CVE-2015-8776,CVE-2015-8777,CVE-2015-8778,CVE-2015-8779
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    glibc-2.19-22.13.1
SUSE Linux Enterprise Server 12 (src):    glibc-2.19-22.13.1
SUSE Linux Enterprise Desktop 12 (src):    glibc-2.19-22.13.1

Comment 12 Swamp Workflow Management 2016-02-17 11:12:58 UTC

openSUSE-SU-2016:0490-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 950944,955647,956716,958315,961721,962736,962737,962738,962739
CVE References: CVE-2014-9761,CVE-2015-7547,CVE-2015-8776,CVE-2015-8777,CVE-2015-8778,CVE-2015-8779
Sources used:
openSUSE Leap 42.1 (src):    glibc-2.19-19.1, glibc-testsuite-2.19-19.2, glibc-utils-2.19-19.1

Comment 13 Bernhard Wiedemann 2016-02-17 15:00:20 UTC

This is an autogenerated message for OBS integration:
This bug (962736) was mentioned in
https://build.opensuse.org/request/show/359990 Factory / glibc

Comment 14 Swamp Workflow Management 2016-02-18 23:12:34 UTC

openSUSE-SU-2016:0510-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 956716,958315,961721,962736,962737,962738,962739
CVE References: CVE-2014-9761,CVE-2015-7547,CVE-2015-8776,CVE-2015-8778,CVE-2015-8779
Sources used:
openSUSE 13.2 (src):    glibc-2.19-16.22.2, glibc-testsuite-2.19-16.22.4, glibc-utils-2.19-16.22.2

Comment 15 Andreas Schwab 2019-08-27 14:47:26 UTC

All updates released.