From $URL:
A vulnerability has been reported in GNU C Library, which can be exploited by malicious people to
cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the "extend_buffers()" function
(posix/regexec.c) when handling multibyte characters in regular expressions and can be exploited to
cause a buffer overflow and crash the application.
The vulnerability is reported in version 2.17. Other versions may also be affected.
No official solution is currently available.
Provided and/or discovered by: Paolo Bonzini in a bug report.
Buffer overflow in the extend_buffers function in the regular expression
matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows
context-dependent attackers to cause a denial of service (memory corruption
and crash) via crafted multibyte characters.
Fix is in 2.18:
Can the fix be backported to stable glibc versions?
No plans to backport to glibc-2.17 or older.
Maintainer(s), please drop the vulnerable version(s).
Added to an existing GLSA Request.
This issue was resolved and addressed in
GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).