Bug#803927: glibc: multiple overflows in strxfrm()

To: submit@bugs.debian.org
Subject: Bug#803927: glibc: multiple overflows in strxfrm()
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 3 Nov 2015 10:57:22 +0100
Message-id: <[🔎] 20151103095722.GA27684@home.ouaza.com>
Reply-to: Raphael Hertzog <hertzog@debian.org>, 803927@bugs.debian.org

Source: glibc
Version: 2.19-22
Severity: serious
Tags: security fixed-upstream
Control: forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=16009

Hello,

libc6 is vulnerable to buffer overruns in strxfrm() as reported
in the following upstream ticket:
https://sourceware.org/bugzilla/show_bug.cgi?id=16009

The issue is fixed in glibc 2.21.

No CVE has been assigned yet even though it had been requested
in http://openwall.com/lists/oss-security/2015/09/08/2

The upstream patch is available here:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0f9e585480ed

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Processed: glibc: multiple overflows in strxfrm()
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#803927: marked as done (glibc: multiple overflows in strxfrm())
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: glibc: multiple overflows in strxfrm()
Next by Date: squeeze update of eglibc?
Previous by thread: r6680 - in glibc-package/branches/glibc-2.21/debian: . testsuite-checking
Next by thread: Processed: glibc: multiple overflows in strxfrm()
Index(es):
- Date
- Thread