CVE-2015-7547

Published: 16 February 2016

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Notes

Author: jdstrand
Note: stable-phone-overlay will be updated in OTA 9.1
      tyhicks alerted the Snappy team for an emergency update

Priority

High

CVSS 3 base score: 8.1

Status

Package  Release   Status
eglibc (Launchpad, Ubuntu, Debian)
         precise   Released (2.15-0ubuntu10.13)
         trusty    Released (2.19-0ubuntu6.7)
         upstream  Needs triage
         vivid     Does not exist
         wily      Does not exist
glibc (Launchpad, Ubuntu, Debian)
         precise   Does not exist
         trusty    Does not exist
         upstream  Needs triage
         vivid     Ignored (reached end-of-life)
         wily      Released (2.21-0ubuntu4.1)