FS#43747 : [glibc][CVE-2015-1472] heap buffer overflow in glibc swscanf

FS#43747 - [glibc][CVE-2015-1472] heap buffer overflow in glibc swscanf

Attached to Project: Arch Linux
Opened by Christian Rebischke (Shibumi) - Monday, 09 February 2015, 01:48 GMT
Last edited by Allan McRae (Allan) - Monday, 09 February 2015, 03:55 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	No-one
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Christian Rebischke (Shibumi) (2015-02-09)
Private	No

Details

Summary
=======

There is a heap buffer overflow in the actual glibc version 2.20-6 due to a 1 year old bug in glibc. Its unsure if the bug is exploitable or not but the next version 2.21 solves the issue.

References
==========

https://marc.info/?l=oss-security&m=142301982723839&w=2 CVE-2015-1472
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html Changelog of glibc 2.21

greetings and thx for your great work with glibc

Chris

This task depends upon

Closed by Allan McRae (Allan)
Monday, 09 February 2015, 03:55 GMT
Reason for closing: Fixed
Additional comments about closing: glibc-2.21-1

Comment by Allan McRae (Allan) - Monday, 09 February 2015, 02:53 GMT

glibc-2.21 is in [testing] and will move in a couple of days.

The fix for CVE-2015-1472 also fixes CVE-2015-1473.

Comment by Allan McRae (Allan) - Monday, 09 February 2015, 03:55 GMT

Bah - moving it now!

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#43747 - [glibc][CVE-2015-1472] heap buffer overflow in glibc swscanf

Details

Loading...