Date: Tue, 2 Aug 2016 10:14:31 +0200 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417) We have assigned CVE-2016-5417 to a memory leak in glibc. It was introduced in glibc 2.22, with commit 2212c1420c92a33b0e0bd9a34938c9814a56c0f7 (which also caused other regressions, which is why we backed it out in Fedora). The leak is triggered if name resolution functions are called in such a way that internal resolver data structures are only initialized partially. The memory leak was independently reported as occurring during Apache httpd testing, so we found it prudent to treat it as a very minor security vulnerability. Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ