Re: Security ERRATA Critical: glibc on SL6.x, SL7.x i386/x86_64

[Phil Wyett]

On Tue, 2015-01-27 at 21:16 +0000, Pat Riehecky wrote:
> Synopsis:          Critical: glibc security update
> Advisory ID:       SLSA-2015:0092-1
> Issue Date:        2015-01-27
> CVE Numbers:       CVE-2015-0235
> --
> 
> A heap-based buffer overflow was found in glibc's
> __nss_hostname_digits_dots() function, which is used by the
> gethostbyname() and gethostbyname2() glibc function calls. A remote
> attacker able to make an application call either of these functions could
> use this flaw to execute arbitrary code with the permissions of the user
> running the application. (CVE-2015-0235)
> --
> 
> SL6
>   x86_64
>     glibc-2.12-1.149.el6_6.5.i686.rpm
>     glibc-2.12-1.149.el6_6.5.x86_64.rpm
>     glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
>     glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
>     glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm
>     glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
>     glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm
>     glibc-devel-2.12-1.149.el6_6.5.i686.rpm
>     glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
>     glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
>     glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm
>     nscd-2.12-1.149.el6_6.5.x86_64.rpm
>     glibc-static-2.12-1.149.el6_6.5.i686.rpm
>     glibc-static-2.12-1.149.el6_6.5.x86_64.rpm
>   i386
>     glibc-2.12-1.149.el6_6.5.i686.rpm
>     glibc-common-2.12-1.149.el6_6.5.i686.rpm
>     glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm
>     glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm
>     glibc-devel-2.12-1.149.el6_6.5.i686.rpm
>     glibc-headers-2.12-1.149.el6_6.5.i686.rpm
>     glibc-utils-2.12-1.149.el6_6.5.i686.rpm
>     nscd-2.12-1.149.el6_6.5.i686.rpm
>     glibc-static-2.12-1.149.el6_6.5.i686.rpm
> SL7
>   x86_64
>     glibc-2.17-55.el7_0.5.i686.rpm
>     glibc-2.17-55.el7_0.5.x86_64.rpm
>     glibc-common-2.17-55.el7_0.5.x86_64.rpm
>     glibc-debuginfo-2.17-55.el7_0.5.i686.rpm
>     glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm
>     glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm
>     glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm
>     glibc-devel-2.17-55.el7_0.5.i686.rpm
>     glibc-devel-2.17-55.el7_0.5.x86_64.rpm
>     glibc-headers-2.17-55.el7_0.5.x86_64.rpm
>     glibc-utils-2.17-55.el7_0.5.x86_64.rpm
>     nscd-2.17-55.el7_0.5.x86_64.rpm
>     glibc-static-2.17-55.el7_0.5.i686.rpm
>     glibc-static-2.17-55.el7_0.5.x86_64.rpm
> 
> - Scientific Linux Development Team

Hi all,

The debuginfo rpm files for this update do not seem to have hit server.

Regards

Phil

signature.asc
Description: This is a digitally signed message part