Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

Arch Linux: 201511-4 Critical Advisory for NSPR Arbitrary Code Execution

Archlinux Large Esm H446
The package nspr before version 4.10.10-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201511-4
========================================
Severity: Critical
Date    : 2015-11-06
CVE-ID  : CVE-2015-7183
Package : nspr
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package nspr before version 4.10.10-1 is vulnerable to arbitrary
code execution.

Resolution
=========
Upgrade to 4.10.10-1.

# pacman -Syu "nspr>=4.10.10-1"

The problem has been fixed upstream in version 4.10.10.

Workaround
=========
None.

Description
==========
A logic bug in the handling of large allocations would allow
exceptionally large allocations to be reported as successful, without
actually allocating the requested memory. This may allow attackers to
bypass security checks and obtain control of arbitrary memory.

Impact
=====
A remote attacker can execute arbitrary code on the affected host.

References
=========
https://www.mail-archive.com/This email address is being protected from spambots. You need JavaScript enabled to view it./msg12386.html
https://access.redhat.com/security/cve/CVE-2015-7183