Bug#615120: eglibc: alloca memory corruption

To: Michael Gilbert <michael.s.gilbert@gmail.com>, 615120@bugs.debian.org
Subject: Bug#615120: eglibc: alloca memory corruption
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat, 26 Feb 2011 11:29:06 +0100
Message-id: <20110226102906.GB24799@hall.aurel32.net>
Reply-to: Aurelien Jarno <aurelien@aurel32.net>, 615120@bugs.debian.org
In-reply-to: <20110225162211.83a8d13a.michael.s.gilbert@gmail.com>
References: <20110225162211.83a8d13a.michael.s.gilbert@gmail.com>

On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote:
> package: eglibc
> version: 2.11.2-10
> severity: grave
> tag: security
> 
> A memory corruption issue has been disclosed for eglibc [0].  I've
> checked, and lenny (glibc), squeeze, and sid are affected by the poc.
> experimental is not.  According to the report, this permits arbitrary
> code execution.
> 

Do you have a CVE number that we can use in the changelog?

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

Follow-Ups:
- Bug#615120: eglibc: alloca memory corruption
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

References:
- Bug#615120: eglibc: alloca memory corruption
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Bug#615120: eglibc: alloca memory corruption
Next by Date: Bug#600667: marked as done (eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path)
Previous by thread: Bug#615120: eglibc: alloca memory corruption
Next by thread: Bug#615120: eglibc: alloca memory corruption
Index(es):
- Date
- Thread