Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Arch Linux: ASA-201602-22 Medium: glibc Unbound Stack Issue

Archlinux Large Esm H446
The package glibc before version 2.23-1 is vulnerable to unbound stack usage.
Arch Linux Security Advisory ASA-201602-22
=========================================
Severity: Medium
Date    : 2016-02-28
CVE-ID  : CVE-2014-9761
Package : glibc
Type    : unbound stack usage
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package glibc before version 2.23-1 is vulnerable to unbound stack
usage. 

Resolution
=========
Upgrade to 2.23-1.

# pacman -Syu "glibc>=2.23-1"

The problem has been fixed upstream in version 2.23.

Workaround
=========
None.

Description
==========
- CVE-2014-9761 (unbound stack usage)
The nan, nanf and nanl functions no longer have unbounded stack usage
depending on the length of the string passed as an argument to the
functions.

Impact
=====
An attacker has an easy job with stack based exploits.

References
=========
https://access.redhat.com/security/cve/CVE-2014-9761
https://seclists.org/oss-sec/2016/q1/153