| Summary: | <sys-libs/glibc-2.12.2: GNU C Library "fnmatch()" Stack Corruption Vulnerability | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | kerncode |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | axiator |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/43492/ | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 356913 | | |
| Bug Blocks: | | | |

Description
kerncode
2011-02-26 14:09:48 UTC
From $URL, the upstream bug is http://sourceware.org/bugzilla/show_bug.cgi?id=11883.

@toolchain, thoughts?

More details can be found here http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html

If the issue is already resolved in glibc-2.12.2 in the tree, then I'm not sure we'd look at trying to backport. We're at the point where glibc-2.12.x should be looked at for stabilization in general. I'll start a thread on gentoo-dev to see if we need to shake out any dependencies first.

Stable by now.

Toolchain work done.

This issue was resolved and addressed in GLSA 201312-01 at http://security.gentoo.org/glsa/glsa-201312-01.xml by GLSA coordinator Chris Reffett (creffett).