Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

[Florian Weimer <fw () deneb enyo de>]

> On Wed, 28 Jan 2015, Huzaifa Sidhpurwala wrote:
>
> > On 01/27/2015 11:35 PM, Florian Weimer wrote:
> > > * Marek Kroemeke:
> > >
> > > > We just noticed CVE-2015-0235 , and we thought we will drop this one
> > > > in - apologies for low quality , we didn't really have time yet to
> > > > analyse it, but it seems to be related, so it makes sense to patch
> > > > things once right ?
> > >
> > > It's not related, and we cannot patch it at the same time because
> > > packages for the gethostbyname issue are already ready, they just have
> > > to be released.  (When we change critical system components, we also
> > > need to be extra-careful with testing, which takes time.)
> > >
> > > Andreas Schwab fixed this in 2011:
> > >
> > >   <https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7>
> > >
> > > If I'm not mistaken, this commit when into glibc 2.15.
> > >
> > > I have not yet found the corresponding glibc bug (if it exists).
> > >
> > > The bug only materializes if the getaddrinfo functions is called with
> > > the AI_IDN flag, and if glibc has been compiled with libidn support
> > > (but I haven't checked if you can switch that off these days).
> >
> > MITRE,
> >
> > This is a new flaw, can you please assign a CVE id to this?
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=797096
> >
> > Thanks!
> >
> > -- 
> > Huzaifa Sidhpurwala / Red Hat Product Security Team
>
> Use CVE-2012-6686 for "unbound alloca use in glob_in_dir" as covered
> by Red Hat Bugzilla ID 797096.

Oh, it seems Huzaifa posted the wrong Bugzilla reference.

We still need assignment for this fix:

  <https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7>

The matching Red Hat Bugzilla bug is:

  <https://bugzilla.redhat.com/show_bug.cgi?id=981942>

I haven't yet seen an upstream bug for it; this change happened before
upstream required bugs being filed for all user-visible changes.