Debian: DSA-5611-1 Moderate: glibc Buffer Overflow and Memory Corruption

January 30, 2024
Fixes for a buffer overflow and related vulnerabilities in glibc on Debian. Users are advised to upgrade for enhanced security and system stability.
The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()).

Summary

Details can be found in the Qualys advisory at
https://www.qualys.com/

Additionally, a memory corruption was discovered in glibc's qsort()
function, due to a missing bounds check, when called by a program
with a non-transitive comparison function and a large number of
attacker-controlled elements. As the use of qsort() with a
non-transitive comparison function is undefined according to POSIX and
ISO C standards, this is not considered a vulnerability in glibc
itself. However, the qsort() implementation was hardened against
misbehaving callers.

Details can be found in the Qualys advisory at
https://www.qualys.com/2024/01/30/qsort.txt

For the stable distribution (bookworm), these problems have been fixed in
version 2.36-9+deb12u4.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/glibc

Further information about Debian Security Advisories, how...


Package: glibc
CVE ID: CVE-2023-6246 CVE-2023-6779 CVE-2023-6780
