Debian Security Advisory

DLA-350-1 eglibc -- LTS security update

Date Reported:
26 Nov 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 803927.
More information:

The strxfrm() function is vulnerable to integer overflows when computing memory allocation sizes (similar to CVE-2012-4412). Furthermore since it fallbacks to use alloca() when malloc() fails, it is vulnerable to stack-based buffer overflows (similar to CVE-2012-4424).

Those issues have been fixed in Debian 6 Squeeze with eglibc 2.11.3-4+deb6u8. We recommend that you upgrade libc6 and other packages provided by eglibc.