CVE-2015-5180

Priority
Description
res_query in libresolv in glibc before 2.25 allows remote attackers to
cause a denial of service (NULL pointer dereference and process crash).
Ubuntu-Description
Florian Weimer discovered a NULL pointer dereference in the DNS
resolver of the GNU C Library. An attacker could use this to cause
a denial of service.
Notes
tyhicksSee test case in the bug
no fix upstream as of 2016-09-09
sbeattiepatch committed upstream on 2016-12-31; renames symbol so
backporting may not be easy.
commit included in glibc 2.25 release
debian fixed this in unstable in 2.24-9
fixing this does indeed break the internal ABI between
libnss_dns and libresolv. We're backing out this change.
reverted from zesty in 2.24-9ubuntu2 by infinity.
For existing releases, DO NOT APPLY THIS PATCH due to ABI
breakage. Fix will come in to 17.10 when we get glibc-2.25 as we
do not guarantee ABI for libresolv internals across different glibc
releases, just for upgrades for same versions e.g. (2.24 -> 2.24)
REPEAT: DO NOT APPLY THIS PATCH (UNMODIFIED) IN A STABLE RELEASE
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:released (2.25)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.27-3ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.27-3ubuntu1)
Ubuntu 19.10 (Eoan Ermine):not-affected (2.27-3ubuntu1)
Ubuntu 20.04 (Focal Fossa):not-affected (2.27-3ubuntu1)
Patches:
Upstream:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5 (2.25)
Upstream:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=b3b37f1a5559a7620e31c8053ed1b44f798f2b6d (2.24)
More Information

Updated: 2019-12-05 19:25:21 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)