> Subject: Re: [yocto] HEADSUP - CVE 2015-023 remote code execution in glibc
>
> Alexandr,
>
> On 01/28/2015 03:17 AM, Damian, Alexandru wrote:
>> More details
>>
>> http://www.openwall.com/lists/oss-security/2015/01/27/9
>>
>> redhat bug and patch
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
>>
>> Do we need to open a bug to track this?
>
> I am working on patches already. If you opened a bug, please send me the #.
>
> - Armin

Hi guys,

I opened a bug for this yesterday (Bug 7258 - glibc: __nss_hostname_digits_dots() heap-based buffer overflow (CVE-2015-0235)), but closed it since this doesn't affect us.

There is another glibc issue (CVE-2013-7423?) being discussed, I think this is also fixed in 2.20.

<solardiz> glibc "getaddrinfo() writes DNS queries to random file descriptors under high load"
https://sourceware.org/bugzilla/show_bug.cgi?id=15946
"Fixed in 2.20"

//Sona