Bug#779587: glibc: Three vulnerabilities

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#779587: glibc: Three vulnerabilities
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 02 Mar 2015 19:33:47 +0100
Message-id: <[🔎] 20150302183347.13837.78720.reportbug@m25s06.vlinux.de>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 779587@bugs.debian.org

Package: glibc
Severity: important
Tags: security

Hi,
these three new security issues are unfixed in jessie/sid:

1. Unexpected closing of nss_files databases after
lookups causes denial of service (CVE-2014-8121):

Patch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8121
(fix not yet merged upstream)


2. potential application crash due to overread in fnmatch
(no CVE yet, CVE request at
http://www.openwall.com/lists/oss-security/2015/02/26/5)
https://sourceware.org/bugzilla/show_bug.cgi?id=18032

Patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185


3. _IO_wstr_overflow integer overflow
(no CVE yet, CVE request at
http://www.openwall.com/lists/oss-security/2015/02/22/15)
https://sourceware.org/bugzilla/show_bug.cgi?id=17269

Patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33

Cheers,
        Moritz

Reply to:

Prev by Date: r6368 - in glibc-package/trunk/debian: . patches patches/hurd-i386
Next by Date: Bug#759530: Patch to fix segfault in ldconfig
Previous by thread: r6368 - in glibc-package/trunk/debian: . patches patches/hurd-i386
Next by thread: Re: squeeze update of eglibc
Index(es):
- Date
- Thread