Bug 973164 - (CVE-2016-3075) VUL-0: CVE-2016-3075: glibc: Stack overflow in nss_dns_getnetbyname_r
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Andreas Schwab
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/164997/
Whiteboard: CVSSv2:SUSE:CVE-2016-3075:4.0:(AV:N/A...
Reported: 2016-03-30 09:23 UTC by Victor Pereira
Modified: 2020-06-11 16:25 UTC
Found By: Security Response Team
Description Victor Pereira 2016-03-30 09:23:44 UTC
rh#1321866

A stack overflow vulnerability (unbounded allocation) in the _nss_dns_getnetbyname_r function was found.

Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=19879

Proposed patch: https://sourceware.org/ml/libc-alpha/2016-03/msg00692.html


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1321866
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3075
Comment 2 Swamp Workflow Management 2016-03-30 22:00:25 UTC
bugbot adjusting priority
Comment 3 Andreas Schwab 2016-04-05 13:07:48 UTC
commit 317b199
Comment 8 Bernhard Wiedemann 2016-05-30 09:00:48 UTC
This is an autogenerated message for OBS integration:
This bug (973164) was mentioned in
https://build.opensuse.org/request/show/398848 13.2 / glibc
Comment 9 Swamp Workflow Management 2016-06-08 14:08:31 UTC
openSUSE-SU-2016:1527-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 969727,973010,973164,980483,980854
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
openSUSE 13.2 (src):    glibc-2.19-16.25.1, glibc-2.19-16.25.2, glibc-testsuite-2.19-16.25.2, glibc-utils-2.19-16.25.1
Comment 10 Swamp Workflow Management 2016-06-30 23:08:58 UTC
SUSE-SU-2016:1721-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 968787,969727,973010,973164,975930,980483,980854
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    glibc-2.19-22.16.2
SUSE Linux Enterprise Server 12 (src):    glibc-2.19-22.16.2
SUSE Linux Enterprise Desktop 12 (src):    glibc-2.19-22.16.2
Comment 11 Swamp Workflow Management 2016-07-04 19:08:49 UTC
SUSE-SU-2016:1733-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 967190,968787,969727,973010,973164,975930,980483,980854
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    glibc-2.19-38.2
SUSE Linux Enterprise Server 12-SP1 (src):    glibc-2.19-38.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    glibc-2.19-38.2
Comment 12 Andreas Stieger 2016-07-10 18:33:11 UTC
Releasing openSUSE Leap 42.1, done
Comment 13 Swamp Workflow Management 2016-07-10 22:15:29 UTC
openSUSE-SU-2016:1779-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 967190,968787,969727,973010,973164,975930,980483,980854
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
openSUSE Leap 42.1 (src):    glibc-2.19-22.1, glibc-testsuite-2.19-22.2, glibc-utils-2.19-22.1
Comment 16 Swamp Workflow Management 2016-08-25 16:10:46 UTC
SUSE-SU-2016:2156-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 931399,965699,969727,973010,973164,973179,980483,980854,986302
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    glibc-2.11.3-17.102.1
SUSE Linux Enterprise Server 11-SP4 (src):    glibc-2.11.3-17.102.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    glibc-2.11.3-17.102.1
Comment 18 Andreas Schwab 2019-08-27 14:51:28 UTC
All updates released.