
[SECURITY] [DLA 350-1] eglibc security update



Package        : eglibc
Version        : 2.11.3-4+deb6u8
CVE ID         : not assigned yet
Debian Bug     : 803927

The strxfrm() function is vulnerable to integer overflows when computing
memory allocation sizes (similar to CVE-2012-4412). Furthermore, since
it falls back to alloca() when malloc() fails, it is vulnerable to
stack-based buffer overflows (similar to CVE-2012-4424).

Those issues have been fixed in Debian 6 Squeeze with eglibc
2.11.3-4+deb6u8. We recommend that you upgrade libc6 and other
packages provided by eglibc.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
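
The two failure modes named in the advisory, shown as a minimal C sketch. This is an added illustration, not code from eglibc or from the Debian patch; the sizing formula (one 32-bit index plus one rule byte per character) and the names scratch_size_unchecked, scratch_size_checked and scratch_alloc are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed scratch layout: one 32-bit index plus one rule byte per character. */
#define PER_CHAR (sizeof(int32_t) + 1)

/* Unchecked sizing: for large n the product wraps modulo SIZE_MAX + 1, so the
 * buffer ends up far smaller than the n + 1 entries later written into it. */
size_t scratch_size_unchecked(size_t n)
{
    return (n + 1) * PER_CHAR;
}

/* Checked sizing: returns 0 and stores the size, or -1 if it would wrap. */
int scratch_size_checked(size_t n, size_t *out)
{
    if (n >= SIZE_MAX / PER_CHAR)   /* (n + 1) * PER_CHAR would exceed SIZE_MAX */
        return -1;
    *out = (n + 1) * PER_CHAR;
    return 0;
}

/* Hardened allocation: heap only. When malloc() fails the caller gets NULL;
 * there is no alloca() fallback, because a request too large for the heap
 * must not be moved onto the much smaller stack. */
void *scratch_alloc(size_t n, size_t *size_out)
{
    size_t sz;
    if (scratch_size_checked(n, &sz) != 0)
        return NULL;
    void *p = malloc(sz);
    if (p != NULL)
        *size_out = sz;
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / PER_CHAR;   /* constructed worst-case input length */
    size_t sz = 0;
    printf("unchecked size for n=%zu: %zu\n", n, scratch_size_unchecked(n));
    printf("checked sizing result:   %d\n", scratch_size_checked(n, &sz));
    void *p = scratch_alloc(16, &sz);
    printf("n=16 -> %zu bytes, %s\n", sz, p ? "allocated" : "failed");
    free(p);
    return 0;
}
```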
