Package: libc6 Version: 2.19-13 Severity: grave Tags: security upstream Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, as this has been made public, let's fix it quickly (it might even be a critical as this is remote): From: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 > A heap-based buffer overflow was found in > __nss_hostname_digits_dots(), which is used by the gethostbyname() > and gethostbyname2() glibc function call. A remote attacker could > use this flaw to execute arbitary code with the permissions of the > user running the application. Upstream patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd Public announcement: http://www.frsag.org/pipermail/frsag/2015-January/005722.html Cheers, Ondrej - -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (990, 'testing'), (700, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libc6 depends on: ii libgcc1 1:4.9.1-19 libc6 recommends no packages. Versions of packages libc6 suggests: ii debconf [debconf-2.0] 1.5.55 pn glibc-doc <none> ii locales 2.19-13 ii locales-all [locales] 2.19-13 - -- debconf information excluded -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJUx6oxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHTUsQAKiKMrTsD8TQApyJ84sUFUuy Tx0SBQsLlFGGH5Z076/469hU3ydkUl/36Q41lvYs2R/GSVxxh+TzUuBln9LeYlZK 56HYuYIMQMstINLgJONinl0h6mPE7qQN6F+TFcsoNkaKAQW0xFuNon1qTyXKkTgl XpZJf27HDsy9EMQckEybPGxA7TSpbSelVd7Z44NEklan+RSG17s6hPpj830Qa076 rg7DBG3qhh6RQQkUZx67iS5uTJ6JzTeKjJ1IMdr6sHnwc2MW1WTFU5UpEZq4yqDD wQ7Ct3wME+3ZKPyXDF1ql3FS5N1/X5v6lAQ/PGHPcKb+5H8zAsaPFOxEg+VegXbI QXt9jPVRI3VCtD2/1X+ctRXFgll+tEMimtFT99FAbJHv4YdqbJ0KHGSyV+PDs+wq 5BAlBzTNqSkbhqEWDY4tLgtntG9ryCheU9E4JIamo2QZxxDHJ44X+9nwq7c7H5I0 0c8iKCgMXAaIQmtgCcnpnDPpFXbNi978oiRmMJRk/CwXkmeq2UqfJIJnEqieAeru ZcQpFFTyioxTfYOWj1iIyV9wpZIjKW9UkYpPH5IYZAhjSqAgKlnJsk+DVytQwhCw IM2pDzr1WeotdnFUMkVQ1h/ZE6IXQyw4k9nf3ITJjqVvuOgygHBTo3rMr1/uKd8W YB3rV1cN3Um3W6f+8SoB =g7tZ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
