Bug#798316: libc6: Pointer guarding bypass in dynamic Setuid binaries

To: submit@bugs.debian.org
Subject: Bug#798316: libc6: Pointer guarding bypass in dynamic Setuid binaries
From: Hideki Yamane <henrich@debian.or.jp>
Date: Tue, 8 Sep 2015 10:20:40 +0900
Message-id: <[🔎] CAPpVEmWfFxV9UCmzZoAUiC0CS70JCV=EUUwJiGqF1+q-3+GpRQ@mail.gmail.com>
Reply-to: Hideki Yamane <henrich@debian.or.jp>, 798316@bugs.debian.org

Package: libc6
Severity: important
Tags: security

Hi,

 Just FYI.
 security vulnerablity was found in glibc.
 http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html

 Probably no CVE is not assigned yet.
 http://seclists.org/oss-sec/2015/q3/504


 One of my friend confirmed it works with stretch, so testing/unstable
 is affected (probably experimental, too).

-- 
Hideki Yamane

Reply to:

Prev by Date: r6523 - in glibc-package/branches/glibc-2.21/debian: . patches patches/hurd-i386
Next by Date: De partner van MISTERBABEL voor toegangscontrole en tijdregistratie
Previous by thread: r6523 - in glibc-package/branches/glibc-2.21/debian: . patches patches/hurd-i386
Next by thread: De partner van MISTERBABEL voor toegangscontrole en tijdregistratie
Index(es):
- Date
- Thread