Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201511-4 ======================================== Severity: Critical Date : 2015-11-06 CVE-ID : CVE-2015-7183 Package : nspr Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package nspr before version 4.10.10-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 4.10.10-1. # pacman -Syu "nspr>=4.10.10-1" The problem has been fixed upstream in version 4.10.10. Workaround ========= None. Description ========== A logic bug in the handling of large allocations would allow exceptionally large allocations to be reported as successful, without actually allocating the requested memory. This may allow attackers to bypass security checks and obtain control of arbitrary memory. Impact ===== A remote attacker can execute arbitrary code on the affected host. References ========= https://www.mail-archive.com/This email address is being protected from spambots. You need JavaScript enabled to view it. /msg12386.html https://access.redhat.com/security/cve/CVE-2015-7183