Date: Thu, 29 Jan 2015 07:27:58 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com,
        Mitre CVE assign department <cve-assign@...re.org>
Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

On 01/29/2015 03:17 AM, Florian Weimer wrote:

>> Use CVE-2012-6686 for "unbound alloca use in glob_in_dir" as covered
>> by Red Hat Bugzilla ID 797096.
> 
> Oh, it seems Huzaifa posted the wrong Bugzilla reference.
> 

Yes, sorry wrong bz.

> We still need assignment for this fix:
> 
>   <https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7>
> 
> The matching Red Hat Bugzilla bug is:
> 
>   <https://bugzilla.redhat.com/show_bug.cgi?id=981942>

The above is the correct bug with the corresponding impact at:
https://bugzilla.redhat.com/show_bug.cgi?id=1186614

MITRE,

Can we still use the above CVE for this issue?

> 
> I haven't yet seen an upstream bug for it; this change happened before
> upstream required bugs being filed for all user-visible changes.
> 


-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team
