Date: Tue, 16 Feb 2016 15:17:05 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2015-7547: stack-based buffer overflow in glibc's getaddrinfo function Hi, today, we are disclosing a vulnerability in the nss_dns backend for getaddrinfo, related to handling dual A/AAAA queries: The security impact of this issue was discovered roughly at the same time by the Google Security Team and Red Hat. Background information: https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html Thanks, Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ