Debian Security Advisory
DLA-230-1 eglibc -- LTS security update
- Date Reported: 27 May 2015
- Affected Packages: eglibc
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2015-1781.
- More information:
Arjun Shankar of Red Hat discovered that gethostbyname_r and related functions compute the size of an input buffer incorrectly if the passed-in buffer is misaligned. This results in a buffer overflow.
For the oldoldstable distribution (squeeze), this problem has been fixed in version 2.11.3-4+deb6u6.
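The size accounting at issue, as an added example that is not part of the advisory and is not eglibc source: it models the bug class on the assumption that the alignment padding was skipped in the pointer but not subtracted from the length. All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers modelling the bug class; not eglibc code. */

/* Bytes to skip so that p becomes a multiple of align (a power of two). */
static size_t align_pad(const void *p, size_t align)
{
    return (align - ((uintptr_t)p & (align - 1))) & (align - 1);
}

/* Flawed accounting: the start is aligned upward elsewhere, but the
   length is left unchanged, so it overstates the space that remains. */
size_t usable_len_flawed(const char *buf, size_t buflen, size_t align)
{
    (void)buf; (void)align;
    return buflen;
}

/* Corrected accounting: subtract the padding and clamp at zero. */
size_t usable_len_checked(const char *buf, size_t buflen, size_t align)
{
    size_t pad = align_pad(buf, align);
    return buflen > pad ? buflen - pad : 0;
}

/* How far a write of `claimed` bytes at the aligned start would run
   past the end of the caller's buffer (0 means it stays in bounds). */
size_t overrun_bytes(const char *buf, size_t buflen, size_t align,
                     size_t claimed)
{
    size_t end = align_pad(buf, align) + claimed;
    return end > buflen ? end - buflen : 0;
}

/* Copy n bytes to the aligned start only if they fit. Returns 0 on
   success, -1 if the caller must retry with a larger buffer. */
int store_aligned(char *buf, size_t buflen, size_t align,
                  const void *src, size_t n)
{
    if (usable_len_checked(buf, buflen, align) < n)
        return -1;
    memcpy(buf + align_pad(buf, align), src, n);
    return 0;
}
```

With a buffer that starts one byte past an 8-byte boundary, the flawed length permits a write that ends 7 bytes beyond the caller's buffer, while the checked length keeps it in bounds.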