Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 05 Feb 2016 15:26:35 +0100
From: Daniel Fahlgren <>
Subject: CVE Request uclibc-ng dns resolver issues


Uclibc-ng 1.0.12 has been released which fixes some issues found in the
dns resolver code.

The first is a denial of service while parsing compressed items. An
attacker can make the application end up in an infinit loop. Fixed by:

The other problem is that a crafted packet will make the parser
terminate early. The buffer is never initialized and is later passed to
strdup(). Fixed by:

Can one or two CVEs be assigned for these issues?

Best regards,
Daniel Fahlgren

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ