openSUSE-SU-2016:2443

[oss-security] 20160818 CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang

92532

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

FEDORA-2016-5f050a0a6d

FEDORA-2016-57cba655d5

FEDORA-2016-87dde780b8

GLSA-201706-19

https://sourceware.org/bugzilla/show_bug.cgi?id=20435

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - GNU Libc current is affected by: Re-mapping current     loaded library with malicious ELF file. The impact is:
    In worst case attacker may evaluate privileges. The     component is: libld. The attack vector is: Attacker     sends 2 ELF files to victim and asks to run ldd on it.
    ldd execute code. NOTE: Upstream comments indicate     'this is being treated as a non-security bug and no     real threat.'(CVE-2019-1010023)

  - Stack-based buffer overflow in the getaddrinfo function     in sysdeps/posix/getaddrinfo.c in the GNU C Library     (aka glibc or libc6) allows remote attackers to cause a     denial of service (crash) via vectors involving hostent     conversion. NOTE: this vulnerability exists because of     an incomplete fix for CVE-2013-4458.(CVE-2016-3706)

  - The iconv feature in the GNU C Library (aka glibc or     libc6) through 2.32, when processing invalid multi-byte     input sequences in the EUC-KR encoding, may have a     buffer over-read.(CVE-2019-25013)

  - The iconv function in the GNU C Library (aka glibc or     libc6) 2.32 and earlier, when processing invalid input     sequences in the ISO-2022-JP-3 encoding, fails an     assertion in the code path and aborts the program,     potentially resulting in a denial of     service.(CVE-2021-3326)

  - The iconv function in the GNU C Library (aka glibc or     libc6) 2.32 and earlier, when processing invalid     multi-byte input sequences in IBM1364, IBM1371,     IBM1388, IBM1390, and IBM1399 encodings, fails to     advance the input state, which could lead to an     infinite loop in applications, resulting in a denial of     service, a different vulnerability from     CVE-2016-10228.(CVE-2020-27618)

  - The makecontext function in the GNU C Library (aka     glibc or libc6) before 2.25 creates execution contexts     incompatible with the unwinder on ARM EABI (32-bit)     platforms, which might allow context-dependent     attackers to cause a denial of service (hang), as     demonstrated by applications compiled using gccgo,     related to backtrace generation.(CVE-2016-6323)

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201706-19 (GNU C Library: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the GNU C Library.
      Please review the CVE identifiers and Qualys&rsquo; security advisory       referenced below for details.
  Impact :

    An attacker could possibly execute arbitrary code with the privileges of       the process, escalate privileges or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns.
An attacker could use this to cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts.
An attacker could use this to cause a denial of service.
(CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience.

Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns.
An attacker could use this to cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts.
An attacker could use this to cause a denial of service.
(CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service.
(CVE-2016-1234)

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2016-6323.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update addresses user-reported bugs and one minor security vulnerability (CVE-2016-6323, affects armhfp only).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

Security issues fixed :

  - arm: mark __startcontext as .cantunwind (CVE-2016-6323,     boo#994359, BZ #20435)

Bugs fixed :

  - aarch64: Merge __local_multiple_threads offset with     memory reference

  - Fix memory leak in regexp compiler (BZ #17069)

  - Provide correct buffer length to netgroup queries in     nscd (BZ #16695)

  - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer     (BZ #16878)

  - aarch64: End frame record chain correctly (BZ #17555)

  - _IO_wstr_overflow integer overflow (BZ #17269)

  - Fix nscd lookup when netgroup has wildcards (BZ #16758,     BZ #16759)

  - Avoid overlapping addresses to stpcpy calls in nscd (BZ     #16760)

  - resolv: Always set *resplen2 out parameter in send_dg     (boo#994576, BZ #19791)

  - Fix memory handling in strxfrm_l (BZ #16009)

  - Harden tls_dtor_list with pointer mangling (BZ #19018)

  - open and openat ignore 'mode' with O_TMPFILE in flags     (BZ #17523)

This update addresses user-reported bugs and one minor security vulnerability (CVE-2016-6323, which affects only armhfp).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
149140	EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790)	Nessus	Huawei Local Security Checks	high
100945	GLSA-201706-19 : GNU C Library: Multiple vulnerabilities (Stack Clash)	Nessus	Gentoo Local Security Checks	high
97936	Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)	Nessus	Ubuntu Local Security Checks	high
97887	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc regression (USN-3239-2)	Nessus	Ubuntu Local Security Checks	high
97856	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1)	Nessus	Ubuntu Local Security Checks	high
94822	Fedora 25 : glibc-arm-linux-gnu (2016-7befbe5e19)	Nessus	Fedora Local Security Checks	high
94809	Fedora 25 : glibc (2016-57cba655d5)	Nessus	Fedora Local Security Checks	high
94186	Fedora 23 : glibc-arm-linux-gnu (2016-b4c1b24a74)	Nessus	Fedora Local Security Checks	high
94148	Fedora 24 : glibc-arm-linux-gnu (2016-7e57edc4cc)	Nessus	Fedora Local Security Checks	high
93852	openSUSE Security Update : glibc (openSUSE-2016-1149)	Nessus	SuSE Local Security Checks	high
93329	Fedora 23 : glibc (2016-87dde780b8)	Nessus	Fedora Local Security Checks	high
93056	Fedora 24 : glibc (2016-5f050a0a6d)	Nessus	Fedora Local Security Checks	high

CVE-2016-6323

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high