PublicDateAtUSN: 2016-04-19
Candidate: CVE-2015-8779
PublicDate: 2016-04-19 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779
 http://www.openwall.com/lists/oss-security/2016/01/20/1
 https://ubuntu.com/security/notices/USN-2985-1
Description:
 Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
Ubuntu-Description:
 Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.
Notes:
Bugs:
 https://sourceware.org/bugzilla/show_bug.cgi?id=17905#c0
Priority: low
Discovered-by: Maksymilian Arciemowicz
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_eglibc:
upstream_eglibc: needed
precise_eglibc: released (2.15-0ubuntu10.14)
precise/esm_eglibc: released (2.15-0ubuntu10.14)
trusty_eglibc: released (2.19-0ubuntu6.8)
trusty/esm_eglibc: released (2.19-0ubuntu6.8)
vivid_eglibc: DNE
vivid/stable-phone-overlay_eglibc: DNE
vivid/ubuntu-core_eglibc: DNE
wily_eglibc: DNE
xenial_eglibc: DNE
yakkety_eglibc: DNE
zesty_eglibc: DNE
devel_eglibc: DNE

Patches_glibc:
 upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e
upstream_glibc: needed
precise_glibc: DNE
precise/esm_glibc: DNE
trusty_glibc: DNE
trusty/esm_glibc: DNE
vivid_glibc: ignored (reached end-of-life)
vivid/stable-phone-overlay_glibc: ignored (reached end-of-life)
vivid/ubuntu-core_glibc: released (2.21-0ubuntu4.0.7)
wily_glibc: released (2.21-0ubuntu4.2)
xenial_glibc: not-affected (2.23-0ubuntu1)
esm-infra/xenial_glibc: not-affected (2.23-0ubuntu1)
yakkety_glibc: not-affected (2.23-0ubuntu1)
zesty_glibc: not-affected (2.23-0ubuntu1)
devel_glibc: not-affected (2.23-0ubuntu1)