USN-2306-1 introduced a regression in the GNU C Library ...
Several security issues were fixed in the GNU C Library ...
Debian Bug report logs -
#687530
eglibc: CVE-2012-4412: strcoll integer / buffer overflow
Package:
eglibc;
Maintainer for eglibc is (unknown);
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 13 Sep 2012 14:21:01 UTC
Severity: important
Tags: patch, security
Found in versions eglibc/2.11.3-4, eglibc/2.17-93
Fix ...
Debian Bug report logs -
#689423
eglibc: CVE-2012-4424: stack overflow in strcoll()
Package:
eglibc;
Maintainer for eglibc is (unknown);
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 2 Oct 2012 13:12:01 UTC
Severity: important
Tags: patch, security
Found in versions eglibc/2.11.3-4, eglibc/2.17-93
Fixed in ...
Debian Bug report logs -
#717178
CVE-2013-4788: PTR_MANGLE ineffective for statically linked binaries
Package:
eglibc;
Maintainer for eglibc is (unknown);
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 17 Jul 2013 14:24:01 UTC
Severity: important
Tags: security
Found in versions eglibc/2.11.3-4, eglibc/2.17-9 ...
Debian Bug report logs -
#722536
eglibc: CVE-2013-4332
Package:
eglibc;
Maintainer for eglibc is (unknown);
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 12 Sep 2013 05:27:02 UTC
Severity: grave
Tags: patch, security
Fixed in versions eglibc/2.17-93, eglibc/2.13-38+deb7u1
Done: Aurelien Jarno <aurel32@de ...
Debian Bug report logs -
#719558
eglibc: CVE-2013-4237
Package:
eglibc;
Maintainer for eglibc is (unknown);
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 13 Aug 2013 05:15:02 UTC
Severity: important
Tags: security
Found in versions eglibc/2.11.3-4, eglibc/2.17-93
Fixed in versions eglibc/2.17-94, eglibc/2.13 ...
Debian Bug report logs -
#727181
eglibc: CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6
Package:
eglibc;
Maintainer for eglibc is (unknown);
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 23 Oct 2013 04:54:01 UTC
Severity: important
Tags: security, upstream
Fixed in vers ...
It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash ...