Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 2 Aug 2016 10:14:31 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers
 (CVE-2016-5417)

We have assigned CVE-2016-5417 to a memory leak in glibc.  It was 
introduced in glibc 2.22, with commit 
2212c1420c92a33b0e0bd9a34938c9814a56c0f7 (which also caused other 
regressions, which is why we backed it out in Fedora).

The leak is triggered if name resolution functions are called in such a 
way that internal resolver data structures are only initialized 
partially.  The memory leak was independently reported as occurring 
during Apache httpd testing, so we found it prudent to treat it as a 
very minor security vulnerability.

Florian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ