Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-8121

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

Related bugs and status

CVE-2014-8121 (Candidate) is related to these bugs:

Bug #1546457: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

		In	Importance	Status
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	glibc (Ubuntu)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	eglibc (Ubuntu Precise)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	eglibc (Ubuntu Trusty)	High	Fix Released
1546457	libc6 2.15-0ubuntu10.13 doesn't mark reboot-required	glibc (Ubuntu Wily)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://www.debian.org/...
MISC: https://security.gento...
MISC: https://bugzilla.redha...
MISC: http://rhn.redhat.com/...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....
MISC: http://www.ubuntu.com/...
MISC: http://www.ubuntu.com/...
MISC: https://sourceware.org...