Bugzilla – Bug 994359
VUL-0: CVE-2016-6323: glibc: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang
Last modified: 2016-10-04 14:10:12 UTC
Andreas Schwab of SuSE reported and fixed a glibc bug where the makecontext function would create an execution context which is incompatible with the unwinder, causing it to hang when the generation of a backtrace is attempted:
This is a minor denial-of-service vulnerability.
The bug is specific to ARM EABI (32-bit) and does not affect other architectures. So far, only certain applications compiled using gccgo (not the main golang.org toolchain) are known to be affected.
Red Hat Product Security has assigned CVE-2016-6323 to this issue.
arm 32bit is used only on opensuse.
bugbot adjusting priority
This is an autogenerated message for OBS integration:
This bug (994359) was mentioned in
https://build.opensuse.org/request/show/429438 13.2 / glibc
Releasing openSUSE update
openSUSE-SU-2016:2443-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 994359,994576
CVE References: CVE-2016-6323
openSUSE 13.2 (src): glibc-2.19-16.28.1, glibc-testsuite-2.19-16.28.2, glibc-utils-2.19-16.28.1