Summary: | <sys-libs/glibc-2.20: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find() (CVE-2014-5119) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | randy, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1119128 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 516884, 544034 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2014-07-14 09:10:31 UTC
the commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8 CVE-2014-5119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119): Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. This CVE is fixed in Version 2.20 https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html Maintainer(s): after the bump please let us know when the ebuild is ready for stabilization. Based on the version change setting blocker to Bug 516884 (which is the blocker for all glib-2.20 version. If this is not correct please advise. This issue was resolved and addressed in GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02 by GLSA coordinator Tobias Heinlein (keytoaster). |