Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Jan 2015 13:17:40 -0500 (EST)
To: Hanno Böck <>
cc: OSS Security <>,
Subject: Re: the other glibc issue

On Wed, 28 Jan 2015, Hanno Böck wrote:

> Hi,
> Not sure why solardesigner didn't post this himself, but he tweetet
> yesterday:
> glibc "getaddrinfo() writes DNS queries to random file descriptors
> under high load"
> … "Fixed in 2.20", reopened, CVE?
> The corresponding bug title says most of it. It's supposed to be fixed
> in glibc 2.20, however there is a comment saying it is not.
> cu,
> -- 
> Hanno Böck
> mail/jabber:
> GPG: BBB51E42

Use CVE-2013-7423 for ths initial bug report at 2013-09-12 09:50:17 UTC 
stating: "Under high load, getaddrinfo() starts sending DNS queries to 
random file descriptors, e.g. some unrelated socket connected to a remote 

Which comment says that the issue is unfixed?  The 2015-01-08 14:21:11 UTC 
comment by David Nilsson says "I'm unable to reproduce the correct 
behaviour," but does not suggest that the vulnerability is still present.


CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ