FEDORA-2016-0480defc94 created by fweimer 3 years ago for Fedora 22
stable

This updates addresses a critical security vulnerability in the DNS resolver related to AF_UNSPEC queries with getaddrinfo (CVE-2015-7547). It also includes security fixes for CVE-2015-8777 and CVE-2015-1781. It improves malloc scalability for applications which start and terminate many threads. The output of locale -a is now ASCII-only (previously, it contained ISO-8859-1 characters).

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2016-0480defc94

This update has been submitted for testing by fweimer.

3 years ago

fweimer edited this update.

3 years ago
User Icon fweimer commented & provided feedback 3 years ago

The expected bugs are fixed, build logs did not show any regression, general system behavior appears to be fine.

BZ#1276112 glibc: malloc arena free list can become cyclic
BZ#970866 Test suite failure: tst-audit2.out
BZ#1214152 CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer [fedora-all]
BZ#1276761 CVE-2015-8777 glibc: apply additional pointer guard hardening
BZ#1184168 locale -a output is binary according to grep because of bokmal
BZ#1199525 CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer
BZ#1260581 CVE-2015-8777 glibc: LD_POINTER_GUARD in the environment is not sanitized

This update has been pushed to testing.

3 years ago
User Icon anonymous commented & provided feedback 3 years ago

Looks good here. No issues.

karma: +1

User Icon filiperosset commented & provided feedback 3 years ago
karma

no regressions noted

fweimer edited this update.

New build(s):

  • glibc-2.21-11.fc22

Removed build(s):

  • glibc-2.21-10.fc22
3 years ago

This update has been submitted for testing by fweimer.

3 years ago
User Icon till commented & provided feedback 3 years ago
karma

Works fine after reboot.

User Icon till commented & provided feedback 3 years ago

filiperosset: I guess you need to re-test to get you karma count, because the builds were changed.

User Icon hreindl commented & provided feedback 3 years ago
karma

works for me

User Icon codonell commented & provided feedback 3 years ago
karma

Works before and after reboot and passes the CVE-2015-7547 regression testsuite.

BZ#1276112 glibc: malloc arena free list can become cyclic
BZ#1308943 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]

fweimer edited this update.

3 years ago
User Icon adamwill commented & provided feedback 3 years ago
karma

working OK here. haven't confirmed security fix, but no critpath problems.

This update has been pushed to testing.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
BZ#970866 Test suite failure: tst-audit2.out
0
0
BZ#1184168 locale -a output is binary according to grep because of bokmal
0
0
BZ#1199525 CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer
0
0
BZ#1214152 CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer [fedora-all]
0
0
BZ#1260581 CVE-2015-8777 glibc: LD_POINTER_GUARD in the environment is not sanitized
0
0
BZ#1276112 glibc: malloc arena free list can become cyclic
0
1
BZ#1276761 CVE-2015-8777 glibc: apply additional pointer guard hardening
0
0
BZ#1293532 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
0
0
BZ#1308943 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]
0
1

Automated Test Results