Debian Security Advisory

DLA-230-1 eglibc -- LTS security update

Date Reported:
27 May 2015
Affected Packages:
eglibc
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-1781.
More information:

Arjun Shankar of Red Hat discovered that gethostbyname_r and related functions compute the size of an input buffer incorrectly if the passed-in buffer is misaligned. This results in a buffer overflow.

For the oldoldstable distribution (squeeze), this problem has been fixed in version 2.11.3-4+deb6u6.
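
The class of size miscalculation described above, reduced to a standalone C illustration. This is an added example, not code from eglibc or from the advisory: it assumes the error takes the form of alignment padding not being deducted from the caller's buffer length, and the `span` type, function names and buffer sizes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative names throughout; this is not eglibc source. */
struct span { size_t offset; size_t len; };   /* region the callee will use */

static _Alignas(16) char backing[128];         /* constructed sample buffer */

/* Bytes needed to round p up to a multiple of align (a power of two). */
static size_t pad_for(const char *p, size_t align)
{
    return (size_t)(-(uintptr_t)p & (align - 1));
}

/* Flawed: the start is moved up to an aligned address, but the length
   the caller supplied is kept unchanged. */
static struct span align_unchecked(const char *buf, size_t buflen, size_t align)
{
    struct span s = { pad_for(buf, align), buflen };
    return s;
}

/* Corrected: the padding is deducted, and a buffer too small to hold
   even the padding yields an empty span. */
static struct span align_checked(const char *buf, size_t buflen, size_t align)
{
    size_t pad = pad_for(buf, align);
    struct span s = { buflen, 0 };
    if (pad < buflen) { s.offset = pad; s.len = buflen - pad; }
    return s;
}

/* Bytes by which the span extends past the caller's real buffer end. */
static size_t overrun(struct span s, size_t buflen)
{
    return s.offset + s.len > buflen ? s.offset + s.len - buflen : 0;
}

int main(void)
{
    const char *mis = backing + 1;             /* deliberately misaligned */
    size_t len = sizeof backing - 1;
    printf("pad=%zu unchecked overrun=%zu checked overrun=%zu\n",
           pad_for(mis, 8), overrun(align_unchecked(mis, len, 8), len),
           overrun(align_checked(mis, len, 8), len));
    return 0;
}
```

With an already aligned buffer the padding is zero and both variants agree, which is why this kind of defect goes unnoticed unless tests pass deliberately misaligned buffers.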