|
|
Log in / Subscribe / Register

Arch Linux alert ASA-201508-7 (glibc)



From:
    	      Remi Gacogne <rgacogne@archlinux.org> 


To:
    	      arch-security@archlinux.org 


Subject:
    	      [arch-security] [ASA-201508-7] glibc: denial of service 


Date:
    	      Sun, 16 Aug 2015 14:07:51 +0200


Message-ID:
    	      <55D07D17.3010501@archlinux.org>


Arch Linux Security Advisory ASA-201508-7
=========================================

Severity: Low
Date    : 2015-08-16
CVE-ID  : CVE-2014-8121
Package : glibc
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package glibc before version 2.22-1 is vulnerable to denial of service.

Resolution
==========

Upgrade to 2.22-1.

# pacman -Syu "glibc>=2.22-1"

The problem has been fixed upstream in version 2.22.

Workaround
==========

None.

Description
===========

It was found that the files backend of Name Service Switch (NSS) did not
isolate iteration over an entire database from key-based look-up API
calls. An application performing look-ups on a database while iterating
over it could enter an infinite loop, leading to a denial of service.

Impact
======

A remote attacker might be able to force a vulnerable application to
enter an infinite loop, thus causing denial of service.

References
==========

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014...
https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html
https://bugzilla.redhat.com/show_bug.cgi?id=1165192
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds