[SECURITY] [DLA 139-1] eglibc security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 139-1] eglibc security update
From: Holger Levsen <holger@layer-acht.org>
Date: Wed, 28 Jan 2015 11:25:42 +0100
Message-id: <[🔎] 201501281125.44581.holger@layer-acht.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : eglibc
Version        : 2.11.3-4+deb6u4
CVE ID         : CVE-2015-0235

A vulnerability has been fixed in eglibc, Debian's version of the GNU C
library:

CVE-2015-0235

    Qualys discovered that the gethostbyname and gethostbyname2
    functions were subject to a buffer overflow if provided with a
    crafted IP address argument.  This could be used by an attacker to
    execute arbitrary code in processes which called the affected
    functions.

    The original glibc bug was reported by Peter Klotz.

We recommend that you upgrade your eglibc packages.

The other three CVEs fixed in Debian wheezy via DSA 3142-1 have already been
fixed in squeeze LTS via DLA DLA 97-1.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: [SECURITY] [DLA 137-1] libevent security update
Next by Date: [SECURITY] [DLA 140-1] rpm security update
Previous by thread: [SECURITY] [DLA 137-1] libevent security update
Next by thread: [SECURITY] [DLA 140-1] rpm security update
Index(es):
- Date
- Thread