CVE-2015-0235

Published: 27 January 2015

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Priority

Status

Package	Release	Status
eglibc Launchpad, Ubuntu, Debian	lucid	Released (2.11.1-0ubuntu7.20)
	precise	Released (2.15-0ubuntu10.10)
	trusty	Not vulnerable (2.19-0ubuntu6)
	upstream	Not vulnerable (2.18)
	utopic	Does not exist
glibc Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (2.18)
	utopic	Not vulnerable (2.19-10ubuntu2)

References

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
https://ubuntu.com/security/notices/USN-2485-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST
https://www.cve.org/CVERecord?id=CVE-2015-0235
NVD
Launchpad
Debian

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=15014

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›