
Arch Linux: ASA-201502-8 High: Glibc Exploitable Exploits

Arch Linux Security Advisory ASA-201502-8
========================================
Severity: High
Date    : 2015-02-09
CVE-ID  : CVE-2015-1472 CVE-2015-1473
Package : glibc
Type    : multiple issues
Remote  : possible (still under investigation)
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package glibc before version 2.21-1 has multiple issues that could be
exploitable.

Resolution
=========
Upgrade to 2.21-1

# pacman -Syu "glibc>=2.21-1"

The problems have been fixed upstream in version 2.21.
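
A quick way to tell whether a host is still affected, before or after the upgrade, is to compare the installed glibc package version against 2.21-1. The script below is an added example and is not part of this advisory or of pacman: it re-implements pacman's version ordering for the numeric "[epoch:]pkgver[-pkgrel]" strings used here (pacman's own vercmp also understands alphanumeric segments such as release candidates, so prefer it on a real Arch system), reads the installed version from `pacman -Q glibc` when pacman is present, and otherwise runs the check over constructed sample versions. FIXED_VERSION, vercmp_simple and glibc_is_fixed are names chosen for the example.

```sh
#!/bin/sh
# Added example, not part of the Arch advisory or of pacman: report whether the
# installed glibc is at least the fixed version 2.21-1 from ASA-201502-8.
# The version comparison is a simplified re-implementation of pacman's vercmp
# for numeric "[epoch:]pkgver[-pkgrel]" strings; on a real Arch system prefer
# `vercmp` itself, which also handles alphanumeric segments.

FIXED_VERSION="2.21-1"

# split_version VER: sets V_EPOCH, V_PKGVER, V_PKGREL from "[epoch:]pkgver[-pkgrel]".
# A missing epoch is 0; a missing pkgrel is left empty (and then ignored, as vercmp does).
split_version() {
    _v=$1
    case $_v in
        *:*) V_EPOCH=${_v%%:*}; _v=${_v#*:} ;;
        *)   V_EPOCH=0 ;;
    esac
    case $_v in
        *-*) V_PKGREL=${_v##*-}; V_PKGVER=${_v%-*} ;;
        *)   V_PKGREL=""; V_PKGVER=$_v ;;
    esac
}

# cmp_dotted A B: compares dot-separated numeric segments ("2.21.1" vs "2.21");
# missing segments count as 0. Prints -1, 0 or 1; returns 2 on a non-numeric segment.
cmp_dotted() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _as=${_a%%.*}; _bs=${_b%%.*}
        if [ "$_as" = "$_a" ]; then _a=""; else _a=${_a#*.}; fi
        if [ "$_bs" = "$_b" ]; then _b=""; else _b=${_b#*.}; fi
        _as=${_as:-0}; _bs=${_bs:-0}
        case "$_as$_bs" in
            *[!0-9]*) printf 'unsupported version segment: %s / %s\n' "$_as" "$_bs" >&2; return 2 ;;
        esac
        if [ "$_as" -lt "$_bs" ]; then printf '%s\n' -1; return 0; fi
        if [ "$_as" -gt "$_bs" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# vercmp_simple A B: prints -1, 0 or 1 as A is older than, equal to, or newer than B.
vercmp_simple() {
    split_version "$1"; a_epoch=$V_EPOCH; a_ver=$V_PKGVER; a_rel=$V_PKGREL
    split_version "$2"; b_epoch=$V_EPOCH; b_ver=$V_PKGVER; b_rel=$V_PKGREL
    r=$(cmp_dotted "$a_epoch" "$b_epoch") || return 2
    if [ "$r" -ne 0 ]; then printf '%s\n' "$r"; return 0; fi
    r=$(cmp_dotted "$a_ver" "$b_ver") || return 2
    if [ "$r" -ne 0 ]; then printf '%s\n' "$r"; return 0; fi
    # pkgrel only decides when both sides carry one (pacman's vercmp behaviour).
    if [ -n "$a_rel" ] && [ -n "$b_rel" ]; then
        r=$(cmp_dotted "$a_rel" "$b_rel") || return 2
        printf '%s\n' "$r"; return 0
    fi
    printf '%s\n' 0
}

# glibc_is_fixed INSTALLED: status 0 if INSTALLED >= 2.21-1, 1 if older,
# 2 if the version string cannot be parsed (treat that as "unknown, check by hand").
glibc_is_fixed() {
    r=$(vercmp_simple "$1" "$FIXED_VERSION") || return 2
    [ "$r" -ge 0 ]
}

report() {
    if glibc_is_fixed "$1"; then
        printf 'glibc %s: not affected by ASA-201502-8 (>= %s)\n' "$1" "$FIXED_VERSION"
    else
        printf 'glibc %s: AFFECTED, upgrade with: pacman -Syu "glibc>=%s"\n' "$1" "$FIXED_VERSION"
    fi
}

# On an Arch system read the real version from pacman; elsewhere run the check
# over constructed sample versions so both outcomes are shown.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q glibc 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ]; then report "$installed"; fi
else
    for v in 2.20-6 2.21-1 2.21-2 1:2.20-1; do report "$v"; done
fi
```

Save it to a file and run it with sh. The exit status of glibc_is_fixed is what a configuration-management check would key on: 0 means the package already carries the fix, 1 means it is older than 2.21-1, 2 means the version string was not understood and should be checked by hand with pacman's vercmp.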

Workaround
=========
None.

Description
==========
glibc has multiple issues, including a heap-based and a stack-based buffer
overflow in the swscanf function, that could be exploitable. Any program that
passes untrusted input to swscanf is therefore potentially affected.

Impact
=====
The issues are still under investigation and it is not yet clear whether they
are exploitable. If they are, every program that uses glibc is potentially
affected, and the consequences range from remote code execution to local
privilege escalation to root.

References
=========
https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2015-1472
https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2015-1473
https://sourceware.org/legacy-ml/libc-alpha/2015-02/msg00119.html