Date: Wed, 28 Jan 2015 13:17:40 -0500 (EST) From: cve-assign@...re.org To: Hanno Böck <hanno@...eck.de> cc: OSS Security <oss-security@...ts.openwall.com>, cve-assign@...re.org Subject: Re: the other glibc issue On Wed, 28 Jan 2015, Hanno Böck wrote: > Hi, > > Not sure why solardesigner didn't post this himself, but he tweetet > yesterday: > glibc "getaddrinfo() writes DNS queries to random file descriptors > under high load" https://sourceware.org/bugzilla/show_bug.cgi?id=15946 > … "Fixed in 2.20", reopened, CVE? > > The corresponding bug title says most of it. It's supposed to be fixed > in glibc 2.20, however there is a comment saying it is not. > > cu, > -- > Hanno Böck > http://hboeck.de/ > > mail/jabber: hanno@...eck.de > GPG: BBB51E42 Use CVE-2013-7423 for ths initial bug report at 2013-09-12 09:50:17 UTC stating: "Under high load, getaddrinfo() starts sending DNS queries to random file descriptors, e.g. some unrelated socket connected to a remote service." Which comment says that the issue is unfixed? The 2015-01-08 14:21:11 UTC comment by David Nilsson says "I'm unable to reproduce the correct behaviour," but does not suggest that the vulnerability is still present. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.