[Bug 953171] Re: Please fix CVE-2012-0864 in precise

Michael Vogt michael.vogt at ubuntu.com
Tue Mar 13 16:06:44 UTC 2012


** Changed in: eglibc (Ubuntu)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/953171

Title:
  Please fix CVE-2012-0864 in precise

Status in “eglibc” package in Ubuntu:
  In Progress

Bug description:
  CVE-2012-0864 was addressed in 1396-1 for releases prior to precise,
  but still needs to be addressed in precise.

  From the USN text:

   It was discovered that the GNU C Library vfprintf() implementation
  contained a possible integer overflow in the format string protection
  code offered by FORTIFY_SOURCE. An attacker could use this flaw in
  conjunction with a format string vulnerability to bypass the format
  string protection and possibly execute arbitrary code. 

  Upstream commit is
  http://sourceware.org/git/?p=glibc.git;a=commit;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
  .

  (debdiff forthcoming)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions



More information about the Ubuntu-sponsors mailing list