FS#43747 - [glibc][CVE-2015-1472] heap buffer overflow in glibc swscanf
Attached to Project:
Arch Linux
Opened by Christian Rebischke (Shibumi) - Monday, 09 February 2015, 01:48 GMT
Last edited by Allan McRae (Allan) - Monday, 09 February 2015, 03:55 GMT
Details
Summary
=======
There is a heap buffer overflow in the actual glibc version 2.20-6 due to a 1-year-old bug in glibc. It's unsure if the bug is exploitable or not, but the next version 2.21 solves the issue.

References
==========
https://marc.info/?l=oss-security&m=142301982723839&w=2
CVE-2015-1472
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
Changelog of glibc 2.21

greetings and thx for your great work with glibc
Chris
Closed by Allan McRae (Allan)
Monday, 09 February 2015, 03:55 GMT
Reason for closing: Fixed
Additional comments about closing: glibc-2.21-1
The fix for CVE-2015-1472 also fixes CVE-2015-1473.