[Bug 953171] Re: Please fix CVE-2012-0864 in precise
Michael Vogt
michael.vogt at ubuntu.com
Tue Mar 13 19:38:29 UTC 2012
I build/tested this and its fine, it can be uploaded but apparently
there is another fix pending that should be bundled.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/953171
Title:
Please fix CVE-2012-0864 in precise
Status in “eglibc” package in Ubuntu:
In Progress
Bug description:
CVE-2012-0864 was addressed in 1396-1 for releases prior to precise,
but still needs to be addressed in precise.
From the USN text:
It was discovered that the GNU C Library vfprintf() implementation
contained a possible integer overflow in the format string protection
code offered by FORTIFY_SOURCE. An attacker could use this flaw in
conjunction with a format string vulnerability to bypass the format
string protection and possibly execute arbitrary code.
Upstream commit is
http://sourceware.org/git/?p=glibc.git;a=commit;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
.
(debdiff forthcoming)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions
More information about the foundations-bugs
mailing list