[Secure-testing-team] Bug#779587: glibc: Three vulnerabilities
Moritz Muehlenhoff
jmm at inutil.org
Mon Mar 2 18:33:47 UTC 2015

Package: glibc
Severity: important
Tags: security

Hi,
these three new security issues are unfixed in jessie/sid:

1. Unexpected closing of nss_files databases after
   lookups causes denial of service (CVE-2014-8121):
   Patch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8121
   (fix not yet merged upstream)

2. potential application crash due to overread in fnmatch
   (no CVE yet, CVE request at
   http://www.openwall.com/lists/oss-security/2015/02/26/5)
   https://sourceware.org/bugzilla/show_bug.cgi?id=18032
   Patch:
   https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185

3. _IO_wstr_overflow integer overflow
   (no CVE yet, CVE request at
   http://www.openwall.com/lists/oss-security/2015/02/22/15)
   https://sourceware.org/bugzilla/show_bug.cgi?id=17269
   Patch:
   https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33

Cheers,
Moritz