FEDORA-2016-0f9e9a34ce

security update in Fedora 23 for glibc

Status: stable 3 years ago

This update addresses a critical security vulnerability in the DNS resolver related to AF_UNSPEC queries with getaddrinfo (CVE-2015-7547).

In addition, a bug that causes Hesiod lookups to fail with a crash is fixed.

Reboot Required

After installing this update, you must reboot your system to ensure that the changes it supplies are applied properly.

Comments 34

This update has been submitted for testing by fweimer.

No problems noticed after manually updating from koji and rebooting.

karma: +1 critpath: +1

Looks good to me as well.

karma: +1 critpath: +1

Works fine for me

karma: +1 critpath: +1

Additionally verified that no more segfault occurs with provided PoC.

#1308943: +1 #1293532: +1

Works for me.

karma: +1 critpath: +1

works for me

karma: +1

Also no problems noticed after manually updating from koji and rebooting.

karma: +1 critpath: +1

works for me.

karma: +1 critpath: +1

works for me

karma: +1

critpath: +1

working OK here. haven't confirmed security fix, but no critpath problems.

karma: +1 critpath: +1

Everything working fine after a reboot. Didn't check CVE-2015-7547.

karma: +1 critpath: +1

No issues noted in everyday use.

karma: +1 critpath: +1
karma: +1 critpath: +1

6 hours after the build was completed and still in pending state and not in the updates-testing repo (not counting that it should go directly to the stable repo)? Fix for serious security bug? Are you joking?

+1

karma: +1 critpath: +1 #1252570: +1 #1308943: +1 #1293532: +1

I'm with anonymous.. these security updates take too long.

karma: +1 critpath: +1 #1252570: +1 #1308943: +1 #1293532: +1

This update has been pushed to testing.

This update has been submitted for stable by bodhi.

works for me

karma: +1

critpath: +1

works here

karma: +1 critpath: +1

works here

karma: +1 critpath: +1

Works for me

karma: +1 critpath: +1 #1293532: +1

This update has been pushed to stable.

This update reliably causes my self-built Firefox to fail to resolve hostnames after being installed. Hostnames are generally resolvable by other tools, but the Firefox failure is immediate and almost total. glibc-2.22-7.fc23 works fine.

karma: -1

cks: Did you file a bug report with more, detailed information?

I've asked cks by email to help us triage what's going on with his Firefox builds.

See https://bugzilla.redhat.com/show_bug.cgi?id=1252570#c6 for the issue reported by cks. If we say reboot required, we actually mean it. ☺

works for me.

karma: +1 critpath: +1

Where is update for Fedora 22? :-(

@anonymous here is the update for F22: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0480defc94 which is pushed to stable and was deployed from koji 30 hours ago to all our production servers by me

Any chance of a Fedora 21 update?

@anonymous: Fedora 21 is EOL long ago and should not be installed anywhere this time so there is no chance and this bodhi ticket is ONLY for the F23 build


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: urgent
Karma: +15
stable threshold: 3
unstable threshold: -3
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 3

0+2 #1252570 glibc-2.21.90-21.fc23 segfaults in hesiod getgrouplist()
0+4 #1293532 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
0+3 #1308943 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]
