Bug 994359 - (CVE-2016-6323) VUL-0: CVE-2016-6323: glibc: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Other openSUSE 13.2
: P3 - Medium : Normal
Assigned To: Andreas Schwab
Security Team bot
Reported: 2016-08-18 12:37 UTC by Marcus Meissner
Modified: 2016-10-04 14:10 UTC

Found By: Security Response Team
Description Marcus Meissner 2016-08-18 12:37:12 UTC

 Andreas Schwab of SuSE reported and fixed a glibc bug where the makecontext function would create an execution context which is incompatible with the unwinder, causing it to hang when the generation of a backtrace is attempted:



This is a minor denial-of-service vulnerability.

The bug is specific to ARM EABI (32-bit) and does not affect other architectures. So far, only certain applications compiled using gccgo (not the main golang.org toolchain) are known to be affected.

Red Hat Product Security has assigned CVE-2016-6323 to this issue.
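
A regression probe for the behaviour described above, added here as an example (not code from this bug report or from glibc): it takes a backtrace inside a `makecontext()` context in a child process guarded by an `alarm()` watchdog, so a hang is reported instead of blocking the caller. Using `backtrace()` from `<execinfo.h>` as the backtrace generator, the function names, the stack size and the timeout are all assumptions.

```c
/* Added example, not from the bug report: does a backtrace taken inside a
   makecontext() context terminate on this libc? */
#include <execinfo.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <ucontext.h>
#include <unistd.h>

#define STACK_SIZE (256 * 1024)   /* assumed size, roomy enough for the unwinder */
static ucontext_t main_ctx, co_ctx;
static volatile int frames_seen = -1;

/* Runs on the stack set up by makecontext(), where the report says unwinding hangs. */
static void context_entry(void)
{
    void *frames[64];
    frames_seen = backtrace(frames, 64);
}

/* Child side: enter the new context, take a backtrace, come back via uc_link. */
static int child_probe(void)
{
    char *stack = malloc(STACK_SIZE);
    if (stack == NULL || getcontext(&co_ctx) != 0) return 3;
    co_ctx.uc_stack.ss_sp = stack;
    co_ctx.uc_stack.ss_size = STACK_SIZE;
    co_ctx.uc_link = &main_ctx;    /* resumed when context_entry returns */
    makecontext(&co_ctx, context_entry, 0);
    if (swapcontext(&main_ctx, &co_ctx) != 0) return 3;
    return frames_seen > 0 ? 0 : 3;
}

/* 0 = backtrace completed, 1 = child hung until the watchdog fired, -1 = other failure. */
int check_makecontext_unwind(unsigned timeout_s)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        alarm(timeout_s);          /* default SIGALRM action kills a hung child */
        _exit(child_probe());
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGALRM) return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) { return check_makecontext_unwind(5); }  /* exit status 0 = completed */
```

A result of 1 on a 32-bit ARM EABI system means the installed glibc still needs the update listed at the end of this report.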


Comment 1 Marcus Meissner 2016-08-18 12:38:01 UTC
ARM 32-bit is used only on openSUSE.
Comment 2 Swamp Workflow Management 2016-08-18 22:00:41 UTC
bugbot adjusting priority
Comment 3 Bernhard Wiedemann 2016-09-22 10:00:37 UTC
This is an autogenerated message for OBS integration:
This bug (994359) was mentioned in
https://build.opensuse.org/request/show/429438 13.2 / glibc
Comment 4 Andreas Stieger 2016-10-04 11:04:00 UTC
Releasing openSUSE update
Comment 5 Swamp Workflow Management 2016-10-04 14:10:12 UTC
openSUSE-SU-2016:2443-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 994359,994576
CVE References: CVE-2016-6323
Sources used:
openSUSE 13.2 (src):    glibc-2.19-16.28.1, glibc-testsuite-2.19-16.28.2, glibc-utils-2.19-16.28.1