Debian Security Advisory
DSA-3887-1 glibc -- security update
- Date Reported:
- 19 Jun 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-1000366.
- More information:
The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
For the oldstable distribution (jessie), this problem has been fixed in version 2.19-18+deb8u10.
For the stable distribution (stretch), this problem has been fixed in version 2.24-11+deb9u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your glibc packages.