Launchpad CVE tracker

CVE 2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Related bugs and status

CVE-2015-7547 (Candidate) is related to these bugs:

Bug #1394929: [FFe]Please provide 'locales-all' as in Debian

Summary				In	Importance	Status
	1394929	[FFe]Please provide 'locales-all' as in Debian		glibc (Ubuntu)	Undecided	Fix Released
	1394929	[FFe]Please provide 'locales-all' as in Debian		langpack-locales (Ubuntu)	Undecided	Fix Released

Bug #1465307: 1.24.0: Lots of "agent is lost, sorry!" messages

Summary				In	Importance	Status
	1465307	1.24.0: Lots of "agent is lost, sorry!" messages		juju-core	High	New

Bug #1497473: [FFe] update glibc to 2.22 in wily

Summary				In	Importance	Status
	1497473	[FFe] update glibc to 2.22 in wily		glibc (Ubuntu)	Undecided	Fix Released

Bug #1521172: [FFe][Ubuntu 16.04] Use glibc-2.23 in Ubuntu 16.04

Summary				In	Importance	Status
	1521172	[FFe][Ubuntu 16.04] Use glibc-2.23 in Ubuntu 16.04		glibc (Ubuntu)	Medium	Fix Released

Bug #1546457: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

		In	Importance	Status
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	glibc (Ubuntu)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	eglibc (Ubuntu Precise)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	eglibc (Ubuntu Trusty)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	glibc (Ubuntu Wily)	High	Fix Released

Bug #1547229: CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo

		In	Importance	Status
1547229	CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo	Mirantis OpenStack	High	Fix Released
1547229	CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo	Fuel for OpenStack 6.1.x	High	Fix Released
1547229	CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo	Fuel for OpenStack 6.0.x	High	Fix Released
1547229	CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo	Fuel for OpenStack 7.0.x	High	Fix Released
1547229	CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo	Mirantis OpenStack 8.0.x	High	Fix Released
1547229	CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo	Mirantis OpenStack 9.x	High	Invalid

Bug #1551369: wsrep_node_name blank for servers with 3rd level domain name

Summary				In	Importance	Status
	1551369	wsrep_node_name blank for servers with 3rd level domain name		Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC	Undecided	Fix Released

Bug #1719959: eglibc 2.19 leaks memory on getaddrinfo

Summary				In	Importance	Status
	1719959	eglibc 2.19 leaks memory on getaddrinfo		eglibc (Ubuntu)	Undecided	New

Bug #1821752: libc6 version 2.19 breaks NSS loading for static binaries

		In	Importance	Status
1821752	libc6 version 2.19 breaks NSS loading for static binaries	eglibc (Ubuntu)	Undecided	Fix Released
1821752	libc6 version 2.19 breaks NSS loading for static binaries	eglibc (Debian)	Unknown	Fix Released
1821752	libc6 version 2.19 breaks NSS loading for static binaries	eglibc	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-7547

References