touch-packages team mailing list archive

Thread
Date

[Bug 1328975] Re: libc6: getaddrinfo() sends DNS queries to random file descriptors

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: stevenschlansker <stevenschlansker@xxxxxxxxx>
Date: Fri, 11 Sep 2015 20:53:38 -0000
Reply-to: Bug 1328975 <1328975@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

It looks like the bug may actually be fixed in trusty-security eglibc
2.19-0ubuntu6.6

eglibc (2.19-0ubuntu6.6) trusty-security; urgency=medium

  * SECURITY UPDATE: getaddrinfo writes to random file descriptors under
    high load
    - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
      after calling reopen in resolv/res_send.c.
    - CVE-2013-7423

So this bug status is misleading; the issue should be fixed against
Trusty I believe.

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7423

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1328975

Title:
  libc6: getaddrinfo() sends DNS queries to random file descriptors

Status in eglibc package in Ubuntu:
  Invalid
Status in glibc package in Ubuntu:
  Fix Released
Status in eglibc source package in Trusty:
  Confirmed
Status in glibc source package in Trusty:
  Invalid

Bug description:
  There is an upstream report for debian here https://bugs.debian.org
  /cgi-bin/bugreport.cgi?bug=722075 which has been fixed in eglibc
  2.19.1 which is now in debian jessie/sid.  See that upstream report
  for a short program which replicates the bug.  I was able to replicate
  the bug on Ubuntu 14.04 using that test script.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: libc6 2.19-0ubuntu6
  ProcVersionSignature: Ubuntu 3.13.0-29.53-generic 3.13.11.2
  Uname: Linux 3.13.0-29-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.2
  Architecture: amd64
  Date: Wed Jun 11 16:32:43 2014
  Dependencies:
   gcc-4.9-base 4.9-20140406-0ubuntu1
   libc6 2.19-0ubuntu6
   libgcc1 1:4.9-20140406-0ubuntu1
   multiarch-support 2.19-0ubuntu6
  Ec2AMI: ami-30837058
  Ec2AMIManifest: ubuntu-us-east-1/images/ubuntu-trusty-14.04-amd64-server-20140607.1.manifest.xml
  Ec2AvailabilityZone: us-east-1a
  Ec2InstanceType: c3.2xlarge
  Ec2Kernel: aki-919dcaf8
  Ec2Ramdisk: unavailable
  ProcEnviron:
   TERM=xterm-color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: eglibc
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1328975/+subscriptions