
[SECURITY] [DLA 494-1] eglibc security update


Package : eglibc
Version : 2.13-38+deb7u11
CVE ID : CVE-2016-1234 CVE-2016-3075 CVE-2016-3706

Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc:

CVE-2016-1234

Alexander Cherepanov discovered that the glibc's glob implementation suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name.

CVE-2016-3075

The getnetbyname implementation in nss_dns was susceptible to a stack overflow and a crash if it was invoked on a very long name.

CVE-2016-3706

Michael Petlan reported that getaddrinfo copied large amounts of address data to the stack, possibly leading to a stack overflow. This complements the fix for CVE-2013-4458.

For Debian 7 "Wheezy", these problems have been fixed in version 2.13-38+deb7u11.

 

We recommend that you upgrade your eglibc packages.

Further information about Debian LTS security advisories, how to apply these updates to your system, and frequently asked questions can be found at: https://wiki.debian.org/LTS

 

 
