[Bug 906961] [NEW] timezone file integer overflow
Kees Cook
kees at ubuntu.com
Tue Dec 20 16:30:45 UTC 2011
*** This bug is a security vulnerability ***
Public security bug reported:
This is CVE-2009-5029. Given the uncommon situations where TZ files are processed by privileged applications, this is not urgent, though there are now examples of this being used in the wild:
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
Fixed in:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
** Affects: eglibc (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/906961
Title:
timezone file integer overflow
Status in “eglibc” package in Ubuntu:
New
Bug description:
This is CVE-2009-5029. Given the uncommon situations where TZ files are processed by privileged applications, this is not urgent, though there are now examples of this being used in the wild:
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
Fixed in:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/906961/+subscriptions
More information about the foundations-bugs
mailing list