Arch Linux: ASA-201602-22 Medium: glibc Unbound Stack Issue
Feb 28, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package glibc before version 2.23-1 is vulnerable to unbound stack usage.
Arch Linux Security Advisory ASA-201602-22 ========================================= Severity: Medium Date : 2016-02-28 CVE-ID : CVE-2014-9761 Package : glibc Type : unbound stack usage Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package glibc before version 2.23-1 is vulnerable to unbound stack usage. Resolution ========= Upgrade to 2.23-1. # pacman -Syu "glibc>=2.23-1" The problem has been fixed upstream in version 2.23. Workaround ========= None. Description ========== - CVE-2014-9761 (unbound stack usage) The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions. Impact ===== An attacker has an easy job with stack based exploits. References ========= https://access.redhat.com/security/cve/CVE-2014-9761 https://seclists.org/oss-sec/2016/q1/153
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!