Debian Security Advisory
DLA-350-1 eglibc -- LTS security update
- Date Reported:
- 26 Nov 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 803927.
- More information:
The strxfrm() function is vulnerable to integer overflows when computing memory allocation sizes (similar to CVE-2012-4412). Furthermore since it fallbacks to use alloca() when malloc() fails, it is vulnerable to stack-based buffer overflows (similar to CVE-2012-4424).
Those issues have been fixed in Debian 6 Squeeze with eglibc 2.11.3-4+deb6u8. We recommend that you upgrade libc6 and other packages provided by eglibc.