Launchpad CVE tracker

CVE 2015-8778

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Related bugs and status

CVE-2015-8778 (Candidate) is related to these bugs:

Bug #1394929: [FFe]Please provide 'locales-all' as in Debian

Summary				In	Importance	Status
	1394929	[FFe]Please provide 'locales-all' as in Debian		glibc (Ubuntu)	Undecided	Fix Released
	1394929	[FFe]Please provide 'locales-all' as in Debian		langpack-locales (Ubuntu)	Undecided	Fix Released

Bug #1497473: [FFe] update glibc to 2.22 in wily

Summary				In	Importance	Status
	1497473	[FFe] update glibc to 2.22 in wily		glibc (Ubuntu)	Undecided	Fix Released

Bug #1521172: [FFe][Ubuntu 16.04] Use glibc-2.23 in Ubuntu 16.04

Summary				In	Importance	Status
	1521172	[FFe][Ubuntu 16.04] Use glibc-2.23 in Ubuntu 16.04		glibc (Ubuntu)	Medium	Fix Released

Bug #1546457: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

		In	Importance	Status
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	glibc (Ubuntu)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	eglibc (Ubuntu Precise)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	eglibc (Ubuntu Trusty)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	glibc (Ubuntu Wily)	High	Fix Released

Bug #1821752: libc6 version 2.19 breaks NSS loading for static binaries

		In	Importance	Status
1821752	libc6 version 2.19 breaks NSS loading for static binaries	eglibc (Ubuntu)	Undecided	Fix Released
1821752	libc6 version 2.19 breaks NSS loading for static binaries	eglibc (Debian)	Unknown	Fix Released
1821752	libc6 version 2.19 breaks NSS loading for static binaries	eglibc	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-8778

References