| Summary: | <sys-libs/glibc-2.12.2: GNU C Library "fnmatch()" Stack Corruption Vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | kerncode |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | axiator |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://secunia.com/advisories/43492/ | ||
| Whiteboard: | A2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 356913 | ||
| Bug Blocks: | |||
|
Description
kerncode
2011-02-26 14:09:48 UTC
From $URL, the upstream bug is http://sourceware.org/bugzilla/show_bug.cgi?id=11883. @toolchain, thoughts? More details can be found here http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html if the issue is already resolved in glibc-2.12.2 in the tree, then i'm not sure we'd look at trying to backport. we're at the point where glibc-2.12.x should be looked at for stabilization in general. i'll start a thread on gentoo-dev to see if we need to shake out any dependencies first. Stable by now. toolchain work done. This issue was resolved and addressed in GLSA 201312-01 at http://security.gentoo.org/glsa/glsa-201312-01.xml by GLSA coordinator Chris Reffett (creffett). |
