[SECURITY] [DLA 139-1] eglibc security update


Package : eglibc
Version : 2.11.3-4+deb6u4
CVE ID : CVE-2015-0235

A vulnerability has been fixed in eglibc, Debian's version of the GNU C library:

CVE-2015-0235

Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions.

The original glibc bug was reported by Peter Klotz.

We recommend that you upgrade your eglibc packages.

The other three CVEs fixed in Debian wheezy via DSA 3142-1 have already been fixed in squeeze LTS via DLA 97-1.