CVE-2015-5277

Priority
Description
The get_contents function in nss_files/files-XXX.c in the Name Service
Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow
local users to cause a denial of service (heap corruption) or gain
privileges via a long line in the NSS files database.
Ubuntu-Description
Sumit Bose and Lukáš Slebodník discovered that the Name Service
Switch (NSS) implementation in the GNU C Library did not handle long
lines in the files databases correctly. A local attacker could use
this to cause a denial of service (application crash) or possibly
execute arbitrary code.
Notes
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (2.19-0ubuntu6.8)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:released (2.20)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac60763eac3d43b7234dd21286ad3ec3f17957fc
More Information

Updated: 2020-07-28 19:54:46 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)