CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]

author: Arjun Shankar <arjun.is@lostca.se> 2015-04-21 14:06:31 +0200
committer: Florian Weimer <fweimer@redhat.com> 2015-04-21 14:06:50 +0200
commit: 2959eda9272a033863c271aff62095abd01bd4e3 (patch)
tree: 921b14d182ce222b9b44f983e8dca7bacb3c8fda /NEWS
parent: 7bf8fb104226407b75103b95525364c4667c869f (diff)
download: glibc-2959eda9272a033863c271aff62095abd01bd4e3.tar.gz
glibc-2959eda9272a033863c271aff62095abd01bd4e3.tar.xz
glibc-2959eda9272a033863c271aff62095abd01bd4e3.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 2bbd6a3f8b..ccc4d135b9 100644
--- a/NEWS
+++ b/NEWS
@@ -16,7 +16,14 @@ Version 2.22
   17969, 17978, 17987, 17991, 17996, 17998, 17999, 18019, 18020, 18029,
   18030, 18032, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18068,
   18080, 18093, 18100, 18104, 18110, 18111, 18128, 18138, 18185, 18197,
-  18206, 18210, 18211, 18247.
+  18206, 18210, 18211, 18247, 18287.
+
+* A buffer overflow in gethostbyname_r and related functions performing DNS
+  requests has been fixed.  If the NSS functions were called with a
+  misaligned buffer, the buffer length change due to pointer alignment was
+  not taken into account.  This could result in application crashes or,
+  potentially arbitrary code execution, using crafted, but syntactically
+  valid DNS responses.  (CVE-2015-1781)
 
 * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
   for LD and GD on x86 and x86-64, has been implemented.  You will need
author	Arjun Shankar <arjun.is@lostca.se>	2015-04-21 14:06:31 +0200
committer	Florian Weimer <fweimer@redhat.com>	2015-04-21 14:06:50 +0200
commit	2959eda9272a033863c271aff62095abd01bd4e3 (patch)
tree	921b14d182ce222b9b44f983e8dca7bacb3c8fda /NEWS
parent	7bf8fb104226407b75103b95525364c4667c869f (diff)
download	glibc-2959eda9272a033863c271aff62095abd01bd4e3.tar.gz glibc-2959eda9272a033863c271aff62095abd01bd4e3.tar.xz glibc-2959eda9272a033863c271aff62095abd01bd4e3.zip