[UCI-Linux] CVE-2015-0235 glibc gethostbyname buffer overflow
Mike Iglesias
iglesias at uci.edu
Tue Jan 27 10:52:54 PST 2015
A recent code audit of the GNU C library (glibc) has discovered a buffer
overflow in the gethostbyname code that could lead to local or remote code
execution. This bug affects glibc releases prior to 2.18, and most stable and
long-term support releases could be vulnerable. This includes CentOS 6 and 7,
Red Hat Enterprise 6 and 7, Debian 7, etc.

An exploit has been created that causes the Exim mail server to crash, so the
bug is exploitable remotely.

Fixes should be out shortly for affected releases of glibc. If your system is
affected, you should watch for the update and apply it as soon as possible.

More information is available here:
http://www.openwall.com/lists/oss-security/2015/01/27/9
--
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Office of Information Technology FAX: 949-824-2270
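
Added example, not part of the original post: a shell function that triages a glibc version string against the "prior to 2.18" range stated above. The function names and sample version strings are constructed for illustration; because distributions backport fixes without changing the upstream version number, a result of `check-vendor-fix` means the installed package still has to be confirmed to include the CVE-2015-0235 fix, not that the host is vulnerable.

```shell
#!/bin/sh
# Added example (not from the original post): triage a glibc version string
# against the "prior to 2.18" range given in the advisory.

# Print the local glibc version string, or nothing on non-glibc systems.
local_glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null || true
}

# glibc_ghost_triage VERSION
#   check-vendor-fix       upstream version is older than 2.18; verify that the
#                          distribution package carries the CVE-2015-0235 fix
#   not-in-affected-range  upstream version is 2.18 or newer
#   unknown                string could not be parsed as MAJOR.MINOR
glibc_ghost_triage() {
    gv=${1#glibc }                  # "glibc 2.17" -> "2.17"
    case $gv in
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    gmaj=${gv%%.*}                  # text before the first dot
    gmin=${gv#*.}                   # text after the first dot
    gmin=${gmin%%[!0-9]*}           # leading digits only: "12-1.149.el6" -> "12"
    case $gmaj in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case $gmin in '') echo unknown; return 0 ;; esac
    if [ "$gmaj" -lt 2 ] || { [ "$gmaj" -eq 2 ] && [ "$gmin" -lt 18 ]; }; then
        echo check-vendor-fix
    else
        echo not-in-affected-range
    fi
}

# Constructed sample version strings, followed by this host's own value.
for v in "glibc 2.12" "2.17-55.el7" "2.18" "$(local_glibc_version)"; do
    printf '%-14s %s\n' "${v:-<none>}" "$(glibc_ghost_triage "$v")"
done
```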