LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

SCIENTIFIC-LINUX-DEVEL Archives

January 2015

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-DEVEL Home
	SCIENTIFIC-LINUX-DEVEL January 2015

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	CVE-2015-0235 / RHSA-2015:0092
From:	Steven Haigh <[log in to unmask]>
Reply To:	Steven Haigh <[log in to unmask]>
Date:	Wed, 28 Jan 2015 11:44:51 +1100
Content-Type:	multipart/signed
Parts/Attachments:	text/plain (485 bytes) , signature.asc (834 bytes)

As an FYI:

A heap-based buffer overflow was found in __nss_hostname_digits_dots(),
which is used by the gethostbyname() and gethostbyname2() glibc function
call. A remote attacker could use this flaw to execute arbitary code
with the permissions of the user running the application.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235

https://rhn.redhat.com/errata/RHSA-2015-0092.html

-- 
Steven Haigh

Email: [log in to unmask]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV