Revision history

Revision 1 (initial version)

posted 2016-02-17 14:14:15 +0200

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779

As hackers are working on real exploits and I don't know if SFOS uses ASLR this seems very urgent.

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits) this seems very urgent.

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779

With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system.

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits) this seems very urgent.

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779

With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits) this seems very urgent.

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779

With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits) this seems very urgent.

Possible workarounds without patching are not suitable!

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779

With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.

Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses

• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs

• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information

• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution

• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.

• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.

(from SUSE:SLE-12-SP1 update today)

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779

With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.

Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses

• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs

• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information

• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution

• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.

• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.

(from SUSE:SLE-12-SP1 patch from 20160217)

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.

Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch from 20160217)

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

Do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 (= MER#1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 ( = MER#1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 ( = MER#1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO we get a Hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO we get a HOTFIX for glibc security issues or will it be in final Taalojärvi?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO we get a HOTFIX for GLIBC security issues or will it be in final Taalojärvi?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO We get a HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO WE get a HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO WE Get a HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent.
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO WE GET A HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO WE GET A HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO WE GET A HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO WE GET A HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO WE GET A HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

DO WE GET A HOTFIX for GLIBC security issues or will it be in final Taalojärvi!?

CVE-2015-7547 ( = MER # 1515) CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses SFOS seems to use ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries
this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

do we get a hotfix for glibc security issues or will it be in final Taalojärvi?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-7547 ( = MER # 1515)
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses SFOS seems to use ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries
this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (released in final Taalojärvi)
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

do we get a HOTFIX for glibc security issues or will it be in final Aurajoki!?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-7547 ( = MER # 1515)
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses SFOS seems to use ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries
this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (released in final Taalojärvi)
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (Accessvector:NETWORK/REMOTE)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

do we get a HOTFIX for glibc SECURITY issues OR will it be in final AURAJOKI!?!?!?!?!?!?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-7547 ( = MER # 1515)
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses SFOS seems to use ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries
this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (released in final Taalojärvi)
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (Accessvector:NETWORK/REMOTE)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

do we get a HOTFIX for glibc SECURITY issues OR will it be in final AURAJOKI!?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-7547 ( = MER # 1515)
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses SFOS seems to use ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries
this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (released in final Taalojärvi)
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (Accessvector:NETWORK/REMOTE)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

Do we get a hotfix for glibc security issues or will it be in final Aurajoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-7547 ( = MER # 1515)
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits and I don't know if SFOS uses SFOS seems to use ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries
this seems very urgent. Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (released in final Taalojärvi)
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (Accessvector:NETWORK/REMOTE)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

Do we get a hotfix for glibc security issues or will it be in final Aurajoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-7547 ( = MER # 1515)
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits this is very urgent. SFOS seems to use ASLR (which prevents the most simple exploits - and if it does, what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ) cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries. But aslr is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

( cve-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (released in final Taalojärvi)
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs
CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (Accessvector:NETWORK/REMOTE)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code.
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code.
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

Do we get a hotfix for glibc security issues or will it be in final Aurajoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? But aslr is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• ( CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

These vulnerabilities are fixed in glibc-2.19-0ubuntu6.9 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it has not happened yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Aurajoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779
With manipulated DNS answers, it is possible to crash an application, with a more sophisticated attack, it is possible to take over the whole system (article).

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• ( CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

These vulnerabilities are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Aurajoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 [CVE-2015-1781] [CVE-2014-8121] [CVE-2015-5277] [CVE-2016-3075] [CVE-2016-2856]

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• ( CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Aurajoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 [CVE-2015-1781] [CVE-2014-8121] [CVE-2015-5277] [CVE-2016-3075] [CVE-2016-2856]

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Aurajoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 [CVE-2015-1781] [CVE-2014-8121] [CVE-2015-5277] [CVE-2016-3075] [CVE-2016-2856] [CVE-2016-1234] [CVE-2016-4429]

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Espoonjoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 [CVE-2015-1781] [CVE-2014-8121] [CVE-2015-5277] [CVE-2016-3075] [CVE-2016-2856] [CVE-2016-1234] [CVE-2016-4429]

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Espoonjoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-1781 CVE-2014-8121 CVE-2015-5277 CVE-2016-3075 CVE-2016-2856 CVE-2016-1234 CVE-2016-4429

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Espoonjoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-1781 CVE-2014-8121 CVE-2015-5277 CVE-2016-3075
=MER#1633

CVE-2016-2856 CVE-2016-1234 CVE-2016-4429

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Fiskarsinjoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-1781 CVE-2014-8121 CVE-2015-5277 CVE-2016-3075
=MER#1633

CVE-2016-2856 CVE-2016-1234 CVE-2016-4429

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Fiskarsinjoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-1781 CVE-2014-8121 CVE-2015-5277 CVE-2016-3075
=MER#1633

CVE-2016-2856 CVE-2016-1234 CVE-2016-4429

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, so implementing should be no problem but it did not happen yet: ubuntu6.9 with missing debian/patches/any/CVE-2014-9761-2.diff entered in mer-repo on 2016-09-05: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a hotfix for glibc security issues or will it be in final Fiskarsinjoki?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-1781 CVE-2014-8121 CVE-2015-5277 CVE-2016-3075
=MER#1633

CVE-2016-2856 CVE-2016-1234 CVE-2016-4429

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium)
• CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical)
• CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium)
• CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High)
• nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high)
• CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, ubuntu6.9 with missing debian/patches/any/CVE-2014-9761-2.diff (leaving CVE-2014-9761 unfixed) entered in mer-repo on 2016-09-05: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.
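
The footnote's check shows that the kernel randomizes library mappings; whether the main program itself is randomized depends on the executable being built as PIE. The following is an added example, not part of the original post, that reports both. The function names are made up here, and it assumes an `od` that supports `-j` and `-N`.

```shell
#!/bin/sh
# Added example: interpret the kernel ASLR setting and tell PIE from
# non-PIE ELF files. All function names are hypothetical.

# Map a randomize_va_space value to its meaning (Linux sysctl values).
aslr_mode() {
    case "$1" in
        0) echo "off" ;;
        1) echo "partial" ;;   # stack, mmap base (shared libraries), vDSO
        2) echo "full" ;;      # as 1, plus the heap (brk)
        *) echo "unknown" ;;
    esac
}

# Print the unsigned byte at offset $2 of file $1 (0 if unreadable/short).
byte_at() {
    v=$(od -An -t u1 -j "$2" -N 1 "$1" 2>/dev/null | tr -d ' \n')
    echo "${v:-0}"
}

# Classify an ELF file by e_type, the 16-bit field at offset 16:
#   2 = ET_EXEC: fixed load address, main program is not randomized
#   3 = ET_DYN:  position independent (PIE executable or shared object)
elf_kind() {
    f=$1
    magic=$(od -An -t x1 -N 4 "$f" 2>/dev/null | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        echo "not-elf"
        return 0
    fi
    data=$(byte_at "$f" 5)     # EI_DATA: 1 = little endian, 2 = big endian
    b0=$(byte_at "$f" 16)
    b1=$(byte_at "$f" 17)
    if [ "$data" = "2" ]; then
        etype=$((b0 * 256 + b1))
    else
        etype=$((b1 * 256 + b0))
    fi
    case "$etype" in
        2) echo "fixed" ;;
        3) echo "pie" ;;
        *) echo "other" ;;
    esac
}

# Print the kernel setting, then the classification of each file given.
report() {
    if [ -r /proc/sys/kernel/randomize_va_space ]; then
        v=$(cat /proc/sys/kernel/randomize_va_space)
        echo "kernel ASLR: $v ($(aslr_mode "$v"))"
    fi
    for f in "$@"; do
        echo "$f: $(elf_kind "$f")"
    done
}

# Stand-alone use: sh aslr_check.sh <some-executable> ...
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

A result of `fixed` means the program text sits at the same address on every run even when the kernel setting is 2, so only its libraries, stack and heap move.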

Do we get a fix for glibc security issues?

CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779 CVE-2015-1781 CVE-2014-8121 CVE-2015-5277 CVE-2016-3075
=MER#1633

CVE-2016-2856 CVE-2016-1234 CVE-2016-4429

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• (CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (Accessvector:Local CVSS v3 Base Score:5.5/10 medium); fix released in Haapajoki)
• (CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.1/10 critical); fix released in Haapajoki)
• (CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical); fix released in Haapajoki)

• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• (CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical); fix released in Haapajoki)
• (CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) (Accessvector:local CVSS v3 Base Score:6.8/10 medium); fix released in Haapajoki)
• (CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:5.0/10 medium); fix released in Haapajoki)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• (CVE-2015-5277: glibc: data corruption while reading the NSS files database (Accessvector:local score:High); fix released in Haapajoki)
• (nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 high); fix released in Haapajoki)
• (CVE-2016-2856: pre glibc-2.19+6.8 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. (Accessvector:Local CVSS v3 Base Score:8.4/10 high); fix released in Haapajoki)

These vulnerabilities (but CVE-2016-1234 and CVE-2016-4429) are fixed in glibc-2.19-0ubuntu6.8 and SFOS glibc is based on 2.19-ubuntu-version, ubuntu6.9 with debian/patches/any/CVE-2014-9761-2.diff (leaving CVE-2014-9761 unfixed) entered in mer-repo on 2016-09-05: mer-glibc-git

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a fix for glibc security issues?

CVE-2014-9761
=MER#1633

CVE-2016-1234 CVE-2016-4429

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• ( CVE-2015-7547 (the one and only glibc related issue fix released in final Taalojärvi))
• (CVE-2015-8777 fix released in Haapajoki)
• (CVE-2015-8776: fix released in Haapajoki)
• (CVE-2015-8778: fix released in Haapajoki)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• (CVE-2015-8779: fix released in Haapajoki)
• (CVE-2015-1781: fix released in Haapajoki)
• (CVE-2014-8121: fix released in Haapajoki)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• Do not copy d_name field of struct dirent. (CVE-2016-1234) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:7.5/10 High) (Fix released in Jämsänjoki)
• Do not use alloca in clntudp_call. (CVE-2016-4429) (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 Critical) (Fix released in Jämsänjoki)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• (CVE-2015-5277: fix released in Haapajoki)
• (CVE-2016-3075 fix released in Haapajoki)
• (CVE-2016-2856: fix released in Haapajoki)

These vulnerabilities (but not CVE-2014-9761) are fixed in glibc-2.19-0ubuntu6.9 and -0ubuntu6.13, version -0ubuntu6.8 with debian/patches/any/CVE-2014-9761-2.diff provides inconvenient fix adding an additional symbol to symbol-table (requires manual restart of server services after patching)

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a fix for glibc security issues?

CVE-2014-9761
( =MER#1633 )
CVE-2015-5180
CVE-2018-1000001

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 fix released in Taalojärvi)
• (CVE-2015-8777 fix released in Haapajoki)
• (CVE-2015-8776: fix released in Haapajoki)
• (CVE-2015-8778: fix released in Haapajoki)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• (CVE-2015-8779: fix released in Haapajoki)
• (CVE-2015-1781: fix released in Haapajoki)
• (CVE-2014-8121: fix released in Haapajoki)

(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160217)

• (CVE-2016-1234 Fix released in Jämsänjoki)
• (CVE-2016-4429 Fix released in Jämsänjoki)
(from SUSE:SLE-12-SP1 patch of glibc 2.19 from 20160711)

additionally:
• (CVE-2015-5277: fix released in Haapajoki)
• (CVE-2016-3075 fix released in Haapajoki)
• (CVE-2016-2856: fix released in Haapajoki)

• CVE-2018-1000001: libc does not account for all the possible return values from the kernel getcwd(2) syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd(3) library function. Priority: High
• CVE-2017-15670: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2017-15671: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a fix for glibc security issues?

CVE-2014-9761 ( =MER#1633 )
CVE-2015-5180
CVE-2018-1000001 ( =MER#1869 ) [Priority: High]

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 fix released in Taalojärvi)
• (CVE-2015-8777 fix released in Haapajoki)
• (CVE-2015-8776: fix released in Haapajoki)
• (CVE-2015-8778: fix released in Haapajoki)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• (CVE-2015-8779: fix released in Haapajoki)
• (CVE-2015-1781: fix released in Haapajoki)
• (CVE-2014-8121: fix released in Haapajoki)

• (CVE-2016-1234 Fix released in Jämsänjoki)
• (CVE-2016-4429 Fix released in Jämsänjoki)

additionally:
• (CVE-2015-5277: fix released in Haapajoki)
• (CVE-2016-3075 fix released in Haapajoki)
• (CVE-2016-2856: fix released in Haapajoki)
• CVE-2018-1000001: libc does not account for all the possible return values from the kernel getcwd(2) syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd(3) library function. Priority: High
• CVE-2017-15670: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2017-15671: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a fix for glibc security issues?

CVE-2014-9761 ( =MER#1633 )
CVE-2015-5180
CVE-2018-1000001 ( =MER#1869 ) [Priority: High]
CVE-2017-8804 CVE-2017-12132 CVE-2018-6485 [Priority: medium]

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 fix released in Taalojärvi)
• (CVE-2015-8777 fix released in Haapajoki)
• (CVE-2015-8776: fix released in Haapajoki)
• (CVE-2015-8778: fix released in Haapajoki)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• (CVE-2015-8779: fix released in Haapajoki)
• (CVE-2015-1781: fix released in Haapajoki)
• (CVE-2014-8121: fix released in Haapajoki)

• (CVE-2016-1234 Fix released in Jämsänjoki)
• (CVE-2016-4429 Fix released in Jämsänjoki)

additionally:
• (CVE-2015-5277: fix released in Haapajoki)
• (CVE-2016-3075 fix released in Haapajoki)
• (CVE-2016-2856: fix released in Haapajoki)
• CVE-2018-1000001: libc does not account for all the possible return values from the kernel getcwd(2) syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd(3) library function. Priority: High
• CVE-2017-15670: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2017-15671: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
• CVE-2017-8804: Fix memory leak after deserialization failure in xdrbytes, xdrstring (bsc#1037930)
• CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791)
• CVE-2018-6485: Fix integer overflows in internal memalign and malloc functions (bsc#1079036)

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a fix for glibc security issues?

CVE-2014-9761 ( =MER#1633 )
CVE-2015-5180
CVE-2018-1000001 ( =MER#1869 ) [Priority: High]
CVE-2017-8804 CVE-2017-12132 CVE-2018-6485 [Priority: medium]
CVE-2017-12133

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 fix released in Taalojärvi)
• (CVE-2015-8777 fix released in Haapajoki)
• (CVE-2015-8776: fix released in Haapajoki)
• (CVE-2015-8778: fix released in Haapajoki)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• (CVE-2015-8779: fix released in Haapajoki)
• (CVE-2015-1781: fix released in Haapajoki)
• (CVE-2014-8121: fix released in Haapajoki)

• (CVE-2016-1234 Fix released in Jämsänjoki)
• (CVE-2016-4429 Fix released in Jämsänjoki)

additionally:
• (CVE-2015-5277: fix released in Haapajoki)
• (CVE-2016-3075 fix released in Haapajoki)
• (CVE-2016-2856: fix released in Haapajoki)
• CVE-2018-1000001: libc does not account for all the possible return values from the kernel getcwd(2) syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd(3) library function. Priority: High
• CVE-2017-15670: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2017-15671: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
• CVE-2017-8804: Fix memory leak after deserialization failure in xdrbytes, xdrstring (bsc#1037930)
• CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791)
• CVE-2018-6485: Fix integer overflows in internal memalign and malloc functions (bsc#1079036)
• CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) (Accessvector: network/remote)

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.

Do we get a fix for glibc security issues?

CVE-2014-9761 ( =MER#1633 )
CVE-2015-5180
CVE-2018-1000001 ( =MER#1869 ) [Priority: High]
CVE-2017-8804 CVE-2017-12132 CVE-2018-6485 CVE-2018-11236 [Priority: medium]
CVE-2017-12133

As hackers are working on real exploits this is very urgent. SFOS seems¹ to use ASLR (which prevents the most simple exploits), but what occurrence does it use: the weak form of kernel 2.6.12 or Position-independent executable (PIE) which is stronger but weak in low memory conditions :-( ? ASLR is not perfect: Here is an interesting article about ASLR on ARMv7 devices [Stagefright is not fixed btw and could harm a JollaPhone].
Possible workarounds without patching are not suitable!

• (CVE-2015-7547 fix released in Taalojärvi)
• (CVE-2015-8777 fix released in Haapajoki)
• (CVE-2015-8776: fix released in Haapajoki)
• (CVE-2015-8778: fix released in Haapajoki)
• CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• (CVE-2015-8779: fix released in Haapajoki)
• (CVE-2015-1781: fix released in Haapajoki)
• (CVE-2014-8121: fix released in Haapajoki)

• (CVE-2016-1234 Fix released in Jämsänjoki)
• (CVE-2016-4429 Fix released in Jämsänjoki)

additionally:
• (CVE-2015-5277: fix released in Haapajoki)
• (CVE-2016-3075 fix released in Haapajoki)
• (CVE-2016-2856: fix released in Haapajoki)
• CVE-2018-1000001: libc does not account for all the possible return values from the kernel getcwd(2) syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd(3) library function. Priority: High
• CVE-2017-15670: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (Accessvector:NETWORK/REMOTE CVSS v3 Base Score:9.8/10 critical)
• CVE-2017-15671: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
• CVE-2017-8804: Fix memory leak after deserialization failure in xdrbytes, xdrstring (bsc#1037930)
• CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791)
• CVE-2018-6485: Fix integer overflows in internal memalign and malloc functions (bsc#1079036)
• CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) (Accessvector: network/remote)

¹cat /proc/sys/kernel/randomize_va_space returns 2 and repeated ldd <some-executable> is returning different addresses of linked libraries.
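
The footnote's check (randomize_va_space plus changing ldd addresses) shows only that shared libraries are randomized; whether the main executable also moves depends on it being built as PIE (ELF type ET_DYN). An added example, not part of the original post, that reports both for a given binary; the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: report kernel ASLR mode and whether a binary is PIE.
# Usage: sh aslr_check.sh /usr/bin/some-executable

# Map the kernel.randomize_va_space value to a mode name.
aslr_mode() {
    case "$1" in
        0) echo "off" ;;
        1) echo "partial" ;;   # stack, mmap/libraries, vDSO; heap (brk) is not randomized
        2) echo "full" ;;      # as 1, plus heap (brk)
        *) echo "unknown" ;;
    esac
}

# Read e_type from the ELF header: prints EXEC, DYN, other or not-elf.
elf_type() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return; }
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')      # EI_DATA: 1 = LE, 2 = BE
    set -- $(od -An -tu1 -j16 -N2 "$f" 2>/dev/null)      # the two e_type bytes
    [ $# -eq 2 ] || { echo "other"; return; }
    if [ "$data" = 2 ]; then t=$(( $1 * 256 + $2 )); else t=$(( $2 * 256 + $1 )); fi
    case "$t" in
        2) echo "EXEC" ;;      # fixed load address, not PIE
        3) echo "DYN" ;;       # PIE executable (or a shared object)
        *) echo "other" ;;
    esac
}

# Count distinct load addresses of library $1 in ldd output read from stdin.
count_distinct_bases() {
    grep -F "$1" | sed -n 's/.*(\(0x[0-9a-fA-F]*\)).*/\1/p' | sort -u | wc -l | tr -d ' '
}

# Combine ASLR mode and ELF type into what is actually randomized.
aslr_coverage() {
    case "$1:$2" in
        off:*) echo "nothing randomized" ;;
        unknown:*|*:not-elf|*:other) echo "undetermined" ;;
        *:DYN) echo "libraries, stack and main image randomized" ;;
        *:EXEC) echo "libraries and stack randomized, main image at fixed address" ;;
    esac
}

aslr_report() {
    bin=$1
    knob=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)
    mode=$(aslr_mode "$knob")
    type=$(elf_type "$bin")
    # ldd may run the target's loader, so use it only on binaries you trust.
    n=$(for i in 1 2 3; do ldd "$bin" 2>/dev/null; done | count_distinct_bases "libc.so")
    echo "kernel.randomize_va_space: ${knob:-?} ($mode)"
    echo "ELF type: $type"
    echo "distinct libc load addresses over 3 ldd runs: $n"
    echo "coverage: $(aslr_coverage "$mode" "$type")"
}

if [ $# -gt 0 ]; then aslr_report "$1"; fi
```

A binary reported as EXEC keeps its code at a fixed address even when randomize_va_space is 2, which is the weaker of the two cases the post asks about.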