stable

glibc-2.22-9.fc23

FEDORA-2016-0f9e9a34ce created by fweimer 8 years ago for Fedora 23

This updates addresses a critical security vulnerability in the DNS resolver related to AF_UNSPEC queries with getaddrinfo (CVE-2015-7547).

In addition, a bug that causes Hesiod lookups to fail with a crash is fixed.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2016-0f9e9a34ce

This update has been submitted for testing by fweimer.

8 years ago
User Icon till commented & provided feedback 8 years ago
karma

No problems noticed after manually updating from koji and rebooting.

User Icon hph commented & provided feedback 8 years ago
karma

Looks good to me as well.

User Icon lyude commented & provided feedback 8 years ago
karma

Works fine for me

User Icon hph commented & provided feedback 8 years ago

Additionally verified that no more segfault occurs with provided PoC.

BZ#1308943 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]
BZ#1293532 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
User Icon law commented & provided feedback 8 years ago
karma

Works for me.

User Icon hreindl commented & provided feedback 8 years ago
karma

works for me

User Icon pcfe commented & provided feedback 8 years ago
karma

Also no problems noticed after manually updating from koji and rebooting.

User Icon amluto commented & provided feedback 8 years ago
karma

works for me.

User Icon fweimer provided feedback 8 years ago
BZ#1252570 glibc-2.21.90-21.fc23 segfaults in hesiod getgrouplist()
BZ#1308943 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]
BZ#1293532 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
User Icon anonymous commented & provided feedback 8 years ago

works for me

karma: +1

User Icon adamwill commented & provided feedback 8 years ago
karma

working OK here. haven't confirmed security fix, but no critpath problems.

User Icon rg3 commented & provided feedback 8 years ago
karma

Everything working fine after a reboot. Didn't check CVE-2015-7547.

User Icon dhgutteridge commented & provided feedback 8 years ago
karma

No issues noted in everyday use.

User Icon kruton provided feedback 8 years ago
karma
User Icon anonymous commented & provided feedback 8 years ago

6 hours after the build was completed and still in pending state and not in the updates-testing repo (not counting that it should go directly to the stable repo)? Fix for serious security bug? Are you joking?

User Icon ttrinks commented & provided feedback 8 years ago
karma

+1

BZ#1252570 glibc-2.21.90-21.fc23 segfaults in hesiod getgrouplist()
BZ#1308943 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]
BZ#1293532 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
User Icon fedpop commented & provided feedback 8 years ago
karma

I'm with anonymous.. these security updates take too long.

BZ#1252570 glibc-2.21.90-21.fc23 segfaults in hesiod getgrouplist()
BZ#1308943 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]
BZ#1293532 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

This update has been pushed to testing.

8 years ago

This update has been submitted for stable by bodhi.

8 years ago
User Icon anonymous commented & provided feedback 8 years ago

works for me

karma: +1

User Icon pagiator commented & provided feedback 8 years ago
karma

works here

User Icon pagiator commented & provided feedback 8 years ago
karma

works here

User Icon mmoeller commented & provided feedback 8 years ago
karma

Works for me

BZ#1293532 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

This update has been pushed to stable.

8 years ago
User Icon cks commented & provided feedback 8 years ago
karma

This update reliably causes my self-built Firefox to fail to resolve hostnames after being installed. Hostnames are generally resolvable by other tools, but the Firefox failure is immediate and almost total. glibc-2.22-7.fc23 works fine.

User Icon till commented & provided feedback 8 years ago

cks: Did you file a bug report with more, detailed information?

User Icon codonell commented & provided feedback 8 years ago

I've asked cks by email to help us triage what's going on with his Firefox builds.

User Icon fweimer commented & provided feedback 8 years ago

See https://bugzilla.redhat.com/show_bug.cgi?id=1252570#c6 for the issue reported by cks. If we say reboot required, we actually mean it. ☺

User Icon piscium commented & provided feedback 8 years ago
karma

works for me.

User Icon anonymous commented & provided feedback 8 years ago

Where is update for Fedora 22? :-(

User Icon hreindl commented & provided feedback 8 years ago

@anonymous here is the update for F22: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0480defc94 which is pushed to stable and was deployed from koji 30 hours ago to all our production servers by me

User Icon anonymous commented & provided feedback 8 years ago

Any chance of a Fedora 21 update?

User Icon hreindl commented & provided feedback 8 years ago

@anonymous: Fedora 21 is EOL long ago and should not be installed anywhere this time so there is no chance and this bodhi ticket is ONLY for the F23 build


Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
15
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
8 years ago
in testing
8 years ago
in stable
8 years ago
BZ#1252570 glibc-2.21.90-21.fc23 segfaults in hesiod getgrouplist()
0
2
BZ#1293532 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
0
4
BZ#1308943 CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow [fedora-all]
0
3

Automated Test Results