CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.9%
Package : eglibc
Version : 2.11.3-4+deb6u11
CVE ID : CVE-2015-7547
Several vulnerabilities have been fixed in the Debian GNU C Library,
eglibc:
CVE-2015-7547
The Google Security Team and Red Hat discovered that the glibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismange its
internal buffers, leading to a stack-based buffer overflow and
arbitrary code execution. This vulnerability affects most
applications which perform host name resolution using getaddrinfo,
including system services.
The following fixed vulnerabilities currently lack CVE assignment:
Andreas Schwab reported a memory leak (memory allocation without a
matching deallocation) while processing certain DNS answers in
getaddrinfo, related to the _nss_dns_gethostbyname4_r function.
This vulnerability could lead to a denial of service.
For Debian 6 "Squeeze", these issues have been fixed in eglibc version
eglibc_2.11.3-4+deb6u11. In addition this version corrects the fix for
CVE-2014-9761 in Squeeze, which have wrongly marked a few symbols as
public instead of private.
While it is only necessary to ensure that all processes are not using
the old eglibc anymore, it is recommended to reboot the machines after
applying the security upgrade.
We recommend you to upgrade your eglibc packages.
Attachment:
signature.asc
Description: PGP signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | armhf | libc6-pic | < 2.19-18+deb8u3 | libc6-pic_2.19-18+deb8u3_armhf.deb |
Debian | 7 | s390x | libc6-udeb | < 2.13-38+deb7u10 | libc6-udeb_2.13-38+deb7u10_s390x.deb |
Debian | 7 | sparc | libc6-dev-sparc64 | < 2.13-38+deb7u10 | libc6-dev-sparc64_2.13-38+deb7u10_sparc.deb |
Debian | 8 | kfreebsd-i386 | libc0.1-i686 | < 2.19-18+deb8u3 | libc0.1-i686_2.19-18+deb8u3_kfreebsd-i386.deb |
Debian | 8 | s390x | libc-bin | < 2.19-18+deb8u3 | libc-bin_2.19-18+deb8u3_s390x.deb |
Debian | 7 | s390 | libnss-files-udeb | < 2.13-38+deb7u10 | libnss-files-udeb_2.13-38+deb7u10_s390.deb |
Debian | 7 | sparc | libnss-files-udeb | < 2.13-38+deb7u10 | libnss-files-udeb_2.13-38+deb7u10_sparc.deb |
Debian | 8 | mipsel | libc6-udeb | < 2.19-18+deb8u3 | libc6-udeb_2.19-18+deb8u3_mipsel.deb |
Debian | 8 | amd64 | nscd | < 2.19-18+deb8u3 | nscd_2.19-18+deb8u3_amd64.deb |
Debian | 7 | s390 | libc6-udeb | < 2.13-38+deb7u10 | libc6-udeb_2.13-38+deb7u10_s390.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.9%