[Bug 953171] Re: Please fix CVE-2012-0864 in precise

Launchpad Bug Tracker 953171 at bugs.launchpad.net
Wed Mar 21 23:40:17 UTC 2012


This bug was fixed in the package eglibc - 2.15-0ubuntu6

---------------
eglibc (2.15-0ubuntu6) precise; urgency=low

  * SECURITY UPDATE: denial of service in RPC implementation (LP: #901716)
    - debian/patches/any/local-CVE-2011-4609.patch: nanosleep when too
      many open fds are detected
    - CVE-2011-4609
  * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
    check bypass (LP: #953171)
    - debian/patches/any/cvs-CVE-2012-0864.patch: check for integer
      overflow
    - CVE-2012-0864
 -- Steve Beattie <sbeattie at ubuntu.com>   Mon, 12 Mar 2012 09:20:41 -0700

** Changed in: eglibc (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4609

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0864

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/953171

Title:
  Please fix CVE-2012-0864 in precise

Status in “eglibc” package in Ubuntu:
  Fix Released

Bug description:
  CVE-2012-0864 was addressed in 1396-1 for releases prior to precise,
  but still needs to be addressed in precise.

  From the USN text:

   It was discovered that the GNU C Library vfprintf() implementation
  contained a possible integer overflow in the format string protection
  code offered by FORTIFY_SOURCE. An attacker could use this flaw in
  conjunction with a format string vulnerability to bypass the format
  string protection and possibly execute arbitrary code. 

  Upstream commit is
  http://sourceware.org/git/?p=glibc.git;a=commit;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
  .

  (debdiff forthcoming)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions



