ArchLinux: 201602-7: libbsd: denial of service
Summary
- CVE-2016-2090 (buffer overflow) libbsd 0.8.1 and earlier contains a buffer overflow in the function fgetwln(). An "if" checks if it is necessary to reallocate memory in the target buffer. However this check is off by one, therefore an out of bounds write happens.
Resolution
Upgrade to 0.8.2-1.
# pacman -Syu "libbsd>=0.8.2-1"
The problem has been fixed upstream in version 0.8.2.
References
https://access.redhat.com/security/cve/CVE-2016-2090 https://bugs.freedesktop.org/show_bug.cgi?id=93881 https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
Workaround
None.