Debian Security Advisory
DLA-139-1 eglibc -- LTS security update
- Date Reported: 28 Jan 2015
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2015-0235.
- More information:
A vulnerability has been fixed in eglibc, Debian's version of the GNU C library:
Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions.
The original glibc bug was reported by Peter Klotz.
For Debian 6 Squeeze, this issue has been fixed in eglibc version 2.11.3-4+deb6u4.
We recommend that you upgrade your eglibc packages.