Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386343

Summary: <sys-libs/glibc-2.12.2: Execution of arbitrary code (CVE-2011-1071)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 14:54:31 UTC 
CVE-2011-1071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1071):
  The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC
  (EGLIBC) allow context-dependent attackers to execute arbitrary code or
  cause a denial of service (memory consumption) via a long UTF8 string that
  is used in an fnmatch call, aka a "stack extension attack," a related issue
  to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported
  for use of this library by Google Chrome.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2011-10-08 14:55:06 UTC 
Already stable, nothing to do here, just for security tracking purposes.
Comment 2 SpanKY gentoo-dev 2012-04-13 23:54:37 UTC 
glibc-2.13 is stable now
Comment 3 Mark Loeser (RETIRED) gentoo-dev 2013-02-22 23:26:12 UTC 
toolchain done
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-12-03 04:14:36 UTC 
This issue was resolved and addressed in
 GLSA 201312-01 at http://security.gentoo.org/glsa/glsa-201312-01.xml
by GLSA coordinator Chris Reffett (creffett).