CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Related bugs and status
CVE-2015-7547 (Candidate) is related to these bugs:
Bug #1394929: [FFe]Please provide 'locales-all' as in Debian
Bug | Summary | In | Importance | Status
---|---|---|---|---
1394929 | [FFe]Please provide 'locales-all' as in Debian | glibc (Ubuntu) | Undecided | Fix Released
1394929 | [FFe]Please provide 'locales-all' as in Debian | langpack-locales (Ubuntu) | Undecided | Fix Released
Bug #1465307: 1.24.0: Lots of "agent is lost, sorry!" messages
Bug | Summary | In | Importance | Status
---|---|---|---|---
1465307 | 1.24.0: Lots of "agent is lost, sorry!" messages | juju-core | High | New
Bug #1497473: [FFe] update glibc to 2.22 in wily
Bug | Summary | In | Importance | Status
---|---|---|---|---
1497473 | [FFe] update glibc to 2.22 in wily | glibc (Ubuntu) | Undecided | Fix Released
Bug #1521172: [FFe][Ubuntu 16.04] Use glibc-2.23 in Ubuntu 16.04
Bug | Summary | In | Importance | Status
---|---|---|---|---
1521172 | [FFe][Ubuntu 16.04] Use glibc-2.23 in Ubuntu 16.04 | glibc (Ubuntu) | Medium | Fix Released
Bug #1546457: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required
Bug | Summary | In | Importance | Status
---|---|---|---|---
1546457 | libc6 2.15-0ubuntu10.13 doesn't mark reboot-required | glibc (Ubuntu) | High | Fix Released
1546457 | libc6 2.15-0ubuntu10.13 doesn't mark reboot-required | eglibc (Ubuntu Precise) | High | Fix Released
1546457 | libc6 2.15-0ubuntu10.13 doesn't mark reboot-required | eglibc (Ubuntu Trusty) | High | Fix Released
1546457 | libc6 2.15-0ubuntu10.13 doesn't mark reboot-required | glibc (Ubuntu Wily) | High | Fix Released
Bug #1547229: CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo
Bug | Summary | In | Importance | Status
---|---|---|---|---
1547229 | CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo | Mirantis OpenStack | High | Fix Released
1547229 | CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo | Fuel for OpenStack 6.1.x | High | Fix Released
1547229 | CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo | Fuel for OpenStack 6.0.x | High | Fix Released
1547229 | CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo | Fuel for OpenStack 7.0.x | High | Fix Released
1547229 | CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo | Mirantis OpenStack 8.0.x | High | Fix Released
1547229 | CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo | Mirantis OpenStack 9.x | High | Invalid
Bug #1551369: wsrep_node_name blank for servers with 3rd level domain name
Bug | Summary | In | Importance | Status
---|---|---|---|---
1551369 | wsrep_node_name blank for servers with 3rd level domain name | Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC | Undecided | Fix Released
Bug #1719959: eglibc 2.19 leaks memory on getaddrinfo
Bug | Summary | In | Importance | Status
---|---|---|---|---
1719959 | eglibc 2.19 leaks memory on getaddrinfo | eglibc (Ubuntu) | Undecided | New
Bug #1821752: libc6 version 2.19 breaks NSS loading for static binaries
Bug | Summary | In | Importance | Status
---|---|---|---|---
1821752 | libc6 version 2.19 breaks NSS loading for static binaries | eglibc (Ubuntu) | Undecided | Fix Released
1821752 | libc6 version 2.19 breaks NSS loading for static binaries | eglibc (Debian) | Unknown | Fix Released
1821752 | libc6 version 2.19 breaks NSS loading for static binaries | eglibc | Medium | Fix Released
See the CVE page on Mitre.org for more details.