eglibc: code execution

Package(s):

eglibc glibc

CVE #(s):

CVE-2015-7547

Created:

February 16, 2016

Updated:

February 24, 2016

Description:

From the Debian advisory:

The Google Security Team and Red Hat discovered that the eglibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services.

Alerts:

SUSE	SUSE-SU-2016:0786-1	sles12-docker-image	2016-03-16
SUSE	SUSE-SU-2016:0778-1	sles11sp4-docker-image	2016-03-15
SUSE	SUSE-SU-2016:0748-1	sles12sp1-docker-image	2016-03-14
Slackware	SSA:2016-054-02	glibc	2016-02-23
Mageia	MGASA-2016-0079	glibc	2016-02-19
openSUSE	openSUSE-SU-2016:0512-1	glibc	2016-02-19
openSUSE	openSUSE-SU-2016:0511-1	glibc	2016-02-19
openSUSE	openSUSE-SU-2016:0510-1	glibc	2016-02-19
Arch Linux	ASA-201602-15	lib32-glibc	2016-02-17
Ubuntu	USN-2900-1	eglibc, glibc	2016-02-16
SUSE	SUSE-SU-2016:0470-1	glibc	2016-02-16
SUSE	SUSE-SU-2016:0472-1	glibc	2016-02-16
SUSE	SUSE-SU-2016:0473-1	glibc	2016-02-16
SUSE	SUSE-SU-2016:0471-1	glibc	2016-02-16
Scientific Linux	SLSA-2016:0175-1	glibc	2016-02-16
Scientific Linux	SLSA-2016:0176-1	glibc	2016-02-16
Oracle	ELSA-2016-0175	glibc	2016-02-16
Oracle	ELSA-2016-0176	glibc	2016-02-16
openSUSE	openSUSE-SU-2016:0490-1	glibc	2016-02-17
Gentoo	201602-02	glibc	2016-02-17
Fedora	FEDORA-2016-0480defc94	glibc	2016-02-17
Fedora	FEDORA-2016-0f9e9a34ce	glibc	2016-02-17
Debian-LTS	DLA-416-1	eglibc	2016-02-16
CentOS	CESA-2016:0175	glibc	2016-02-17
CentOS	CESA-2016:0176	glibc	2016-02-17
Arch Linux	ASA-201602-14	glibc	2016-02-17
Red Hat	RHSA-2016:0175-01	glibc	2016-02-16
Red Hat	RHSA-2016:0176-01	glibc	2016-02-16
Red Hat	RHSA-2016:0225-01	glibc	2016-02-16
Debian	DSA-3481-1	glibc	2016-02-16
Debian	DSA-3480-1	eglibc	2016-02-16