[Bug 953171] [NEW] Please fix CVE-2012-0864 in precise

Launchpad Bug Tracker 953171 at bugs.launchpad.net
Mon Mar 12 18:25:17 UTC 2012


*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Steve Beattie (sbeattie):

CVE-2012-0864 was addressed in 1396-1 for releases prior to precise, but
still needs to be addressed in precise.

From the USN text:

 It was discovered that the GNU C Library vfprintf() implementation
contained a possible integer overflow in the format string protection
code offered by FORTIFY_SOURCE. An attacker could use this flaw in
conjunction with a format string vulnerability to bypass the format
string protection and possibly execute arbitrary code. 

Upstream commit is
http://sourceware.org/git/?p=glibc.git;a=commit;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
.

(debdiff forthcoming)

** Affects: eglibc (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Please fix CVE-2012-0864 in precise
https://bugs.launchpad.net/bugs/953171
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.


