Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-19591

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

Related bugs and status

CVE-2018-19591 (Candidate) is related to these bugs:

Bug #420609: wrong LC_TIME in Italian

		In	Importance	Status
420609	wrong LC_TIME in Italian	glibc (Ubuntu)	Undecided	Invalid
420609	wrong LC_TIME in Italian	GLibC	Medium	Fix Released
420609	wrong LC_TIME in Italian	eglibc (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://sourceware.org...
CONFIRM: https://sourceware.org...
CONFIRM: https://sourceware.org...
FEDORA: FEDORA-2018-060302dc83
FEDORA: FEDORA-2018-f6b7df660d
BID: 106037
SECTRACK: 1042174
CONFIRM: https://security.netap...
GENTOO: GLSA-201903-09
GENTOO: GLSA-201908-06
UBUNTU: USN-4416-1