[SECURITY] [DLA 561-1] uclibc security update
Package : uclibc
Version : 0.9.32-1+deb7u1
CVE ID : CVE-2016-2224 CVE-2016-2225 CVE-2016-6264
Several vulnerabilities have been discovered in uClibc, an
implementation of the standard C library that is much smaller than
glibc, which makes it useful for embedded systems.
CVE-2016-2224
Fix possible denial of service via a specially crafted DNS reply
that could cause an infinite loop.
CVE-2016-2225
Fix possible denial of service via a specially crafted packet that
will make the parser in libc/inet/resolv.c terminate early.
CVE-2016-6264
It was found that the 'BLT' instruction in libc/string/arm/memset.S
checks for signed values. If the length parameter passed to memset is
negative, then the value added to the PC will be large. An attacker who
controls the length parameter of memset can also control the value of
the PC register.
For Debian 7 "Wheezy", these problems have been fixed in version
0.9.32-1+deb7u1.
We recommend that you upgrade your uclibc packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
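
The signed test described under CVE-2016-6264, modelled in C as an added example (not code from this advisory or from uClibc): it contrasts a BLT-style signed check with an unsigned one on a 32-bit length, and shows a caller-side bound check. SHORT_FILL_LIMIT, the function names and the sample lengths are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed cutoff for the "short fill" path; the advisory does not give
 * the value used in memset.S. */
#define SHORT_FILL_LIMIT 8u

/* Models CMP len, #limit followed by BLT: the 32-bit register is read as a
 * signed value, so any length with the top bit set counts as negative. */
static int short_path_signed(uint32_t len) {
    int32_t as_signed;
    memcpy(&as_signed, &len, sizeof as_signed); /* reinterpret the bits */
    return as_signed < (int32_t)SHORT_FILL_LIMIT;
}

/* Models the same CMP followed by an unsigned branch (BLO/BCC). */
static int short_path_unsigned(uint32_t len) {
    return len < SHORT_FILL_LIMIT;
}

/* 1 when the signed test sends a large length down the short-fill path. */
static int misclassified(uint32_t len) {
    return short_path_signed(len) && !short_path_unsigned(len);
}

/* Caller-side guard (hypothetical helper): refuse any fill longer than the
 * destination, which also rejects negative ints converted to size_t. */
static int bounded_memset(void *dst, size_t dst_size, int c, size_t len) {
    if (dst == NULL || len > dst_size)
        return -1;
    memset(dst, c, len);
    return 0;
}

int main(void) {
    /* Constructed lengths; 0xFFFFFFFF is (int)-1 seen as a 32-bit size_t. */
    const uint32_t samples[] = { 0u, 7u, 8u, 4096u, 0x7FFFFFFFu,
                                 0x80000000u, 0xFFFFFFFFu };
    char buf[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=0x%08lX signed-short=%d unsigned-short=%d bad=%d\n",
               (unsigned long)samples[i], short_path_signed(samples[i]),
               short_path_unsigned(samples[i]), misclassified(samples[i]));
    printf("guarded fill of (size_t)-1 bytes: %d\n",
           bounded_memset(buf, sizeof buf, 0, (size_t)-1));
    return 0;
}
```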