Bugzilla – Bug 980483
VUL-0: CVE-2016-3706: glibc: stack overflow in hostent translation
Last modified: 2019-08-22 14:56:17 UTC
CVE-2016-3706

https://sourceware.org/bugzilla/show_bug.cgi?id=20010

When converting a struct hostent response to struct gaih_addrtuple, the gethosts macro (which is called from gaih_inet) uses alloca, without malloc fallback for large responses. This code path is used with AF_INET and AF_INET6 queries, not AF_UNSPEC queries.

In essence, this is an incomplete fix for CVE-2013-4458 (bug 16072). The buffer passed to the NSS module is relocated to the heap, but data from it is still copied to the stack.

Over DNS, at most 4095 addresses can arrive, and per address, a net 40 bytes of stack space are needed, so with usual stack sizes and system configurations, the bug cannot be triggered over the network.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3706
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3706.html
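The missing malloc fallback described in the report, sketched as an added example (not glibc's code and not part of the original bug entry): small conversions stay on the stack, and anything larger moves to the heap. `struct addrtuple`, `translate` and `ALLOCA_LIMIT` are hypothetical names and values chosen for illustration.

```c
#include <alloca.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALLOCA_LIMIT 4096 /* assumed threshold, not glibc's actual policy */

/* Hypothetical stand-in for struct gaih_addrtuple: one node per address. */
struct addrtuple {
    struct addrtuple *next;
    int family;
    uint32_t addr[4];
};

/* Build a tuple list from `count` 16-byte addresses and return the number of
   nodes linked, or -1 on size overflow or allocation failure. */
long translate(const unsigned char *addrs, size_t count, int family, bool *on_heap)
{
    *on_heap = false;
    if (count == 0) return 0;
    if (count > SIZE_MAX / sizeof(struct addrtuple)) return -1;
    size_t need = count * sizeof(struct addrtuple);
    /* Flawed pattern: unconditional alloca(need), so stack use grows with the
       response. Here anything above the limit is placed on the heap. */
    *on_heap = need > ALLOCA_LIMIT;
    struct addrtuple *tuples = *on_heap ? malloc(need) : alloca(need);
    if (tuples == NULL) return -1;
    for (size_t i = 0; i < count; i++) {
        tuples[i].next = (i + 1 < count) ? &tuples[i + 1] : NULL;
        tuples[i].family = family;
        memcpy(tuples[i].addr, addrs + 16 * i, 16);
    }
    long linked = 0;
    for (struct addrtuple *t = tuples; t != NULL; t = t->next) linked++;
    if (*on_heap) free(tuples);
    return linked;
}

int main(void)
{
    static unsigned char sample[4095 * 16]; /* constructed: 4095 zero addresses */
    bool heap;
    long n = translate(sample, 4095, 10 /* AF_INET6 on Linux */, &heap);
    printf("%ld tuples, storage: %s\n", n, heap ? "heap" : "stack");
    return 0;
}
```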
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (980483) was mentioned in https://build.opensuse.org/request/show/398848 13.2 / glibc
openSUSE-SU-2016:1527-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 969727,973010,973164,980483,980854
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
openSUSE 13.2 (src): glibc-2.19-16.25.1, glibc-2.19-16.25.2, glibc-testsuite-2.19-16.25.2, glibc-utils-2.19-16.25.1

SUSE-SU-2016:1721-1: An update that solves four vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 968787,969727,973010,973164,975930,980483,980854
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): glibc-2.19-22.16.2
SUSE Linux Enterprise Server 12 (src): glibc-2.19-22.16.2
SUSE Linux Enterprise Desktop 12 (src): glibc-2.19-22.16.2

SUSE-SU-2016:1733-1: An update that solves four vulnerabilities and has four fixes is now available.
Category: security (moderate)
Bug References: 967190,968787,969727,973010,973164,975930,980483,980854
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): glibc-2.19-38.2
SUSE Linux Enterprise Server 12-SP1 (src): glibc-2.19-38.2
SUSE Linux Enterprise Desktop 12-SP1 (src): glibc-2.19-38.2

openSUSE-SU-2016:1779-1: An update that solves four vulnerabilities and has four fixes is now available.
Category: security (moderate)
Bug References: 967190,968787,969727,973010,973164,975930,980483,980854
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
openSUSE Leap 42.1 (src): glibc-2.19-22.1, glibc-testsuite-2.19-22.2, glibc-utils-2.19-22.1

SUSE-SU-2016:2156-1: An update that solves four vulnerabilities and has 5 fixes is now available.
Category: security (moderate)
Bug References: 931399,965699,969727,973010,973164,973179,980483,980854,986302
CVE References: CVE-2016-1234,CVE-2016-3075,CVE-2016-3706,CVE-2016-4429
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): glibc-2.11.3-17.102.1
SUSE Linux Enterprise Server 11-SP4 (src): glibc-2.11.3-17.102.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): glibc-2.11.3-17.102.1
*** Bug 997423 has been marked as a duplicate of this bug. ***
All updates released.