[Bug 953171] [NEW] Please fix CVE-2012-0864 in precise
Launchpad Bug Tracker
953171 at bugs.launchpad.net
Mon Mar 12 18:25:17 UTC 2012
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Steve Beattie (sbeattie):
CVE-2012-0864 was addressed in 1396-1 for releases prior to precise, but
still needs to be addressed in precise.
From the USN text:
It was discovered that the GNU C Library vfprintf() implementation
contained a possible integer overflow in the format string protection
code offered by FORTIFY_SOURCE. An attacker could use this flaw in
conjunction with a format string vulnerability to bypass the format
string protection and possibly execute arbitrary code.
Upstream commit is
http://sourceware.org/git/?p=glibc.git;a=commit;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
.
(debdiff forthcoming)
** Affects: eglibc (Ubuntu)
Importance: Undecided
Status: New
--
Please fix CVE-2012-0864 in precise
https://bugs.launchpad.net/bugs/953171
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.