Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-350-1 eglibc

Debian Security Advisory

DLA-350-1 eglibc -- LTS security update

Date Reported:

26 Nov 2015

Affected Packages:

eglibc

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 803927.

More information:

The strxfrm() function is vulnerable to integer overflows when computing memory allocation sizes (similar to CVE-2012-4412). Furthermore since it fallbacks to use alloca() when malloc() fails, it is vulnerable to stack-based buffer overflows (similar to CVE-2012-4424).

Those issues have been fixed in Debian 6 Squeeze with eglibc 2.11.3-4+deb6u8. We recommend that you upgrade libc6 and other packages provided by eglibc.