Package: uclibc-source
Version: 0.9.32-1
Severity: normal
Tags: security
User: debian...@lists.debian.org
Usertags: piuparts
Control: fixed -1 0.9.32-1+deb7u1
Control: close -1 1.0.20-1

  * CVE-2016-2224: Fix possible denial of service via a specially crafted
    DNS reply that could cause an infinite loop.
  * CVE-2016-2225: Fix possible denial of service via specially crafted
    packet that will make the parser terminate early.
  * CVE-2016-6264: It was found that 'BLT' instruction in
    libc/string/arm/memset.S checks for signed values. If parameter of
    memset is negative, then value added to the PC will be large. Attacker
    that controls the length parameter of memset can also control the
    value of PC register.

This was fixed in wheezy-lts, but not in jessie-security or jessie-lts,
causing version skew:

uclibc | 0.9.30.2-1      | squeeze         | source
uclibc | 0.9.32-1        | wheezy          | source
uclibc | 0.9.32-1        | jessie          | source
uclibc | 0.9.32-1+deb7u1 | wheezy-security | source
uclibc | 1.0.20-2        | stretch         | source
uclibc | 1.0.31-1        | buster          | source
uclibc | 1.0.35-1        | bullseye        | source
uclibc | 1.0.35-1        | sid             | source

Andreas
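
The version skew reported above can be detected mechanically. The following is an added example, not part of the original report and not code from any Debian tool: it reimplements dpkg's version ordering and flags any release whose best available version sorts below that of an older release, which is where an upgrade would lose the security fix. The release order and all function names are assumptions of this example.

```python
import re
from itertools import zip_longest

# Constructed from the table in the report: (suite, version).
TABLE = [("squeeze", "0.9.30.2-1"), ("wheezy", "0.9.32-1"), ("jessie", "0.9.32-1"),
         ("wheezy-security", "0.9.32-1+deb7u1"), ("stretch", "1.0.20-2"),
         ("buster", "1.0.31-1"), ("bullseye", "1.0.35-1"), ("sid", "1.0.35-1")]
# Assumption: release order, oldest first (the report does not state it).
RELEASES = ["squeeze", "wheezy", "jessie", "stretch", "buster", "bullseye", "sid"]

def _order(c):
    # dpkg ordering: '~' sorts before end-of-string (0), letters before other symbols.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating (non-digit, digit) runs, as dpkg does.
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (sa, da), (sb, db) in zip_longest(ta, tb, fillvalue=("", "")):
        n = max(len(sa), len(sb))
        ka = [_order(c) for c in sa] + [0] * (n - len(sa))
        kb = [_order(c) for c in sb] + [0] * (n - len(sb))
        if ka != kb:
            return -1 if ka < kb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def vercmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def find_skew(table, releases):
    best = {}  # release -> highest version across its suites (base, -security, ...)
    for suite, ver in table:
        rel = suite.split("-")[0]
        if rel not in best or vercmp(ver, best[rel]) > 0:
            best[rel] = ver
    skew, top = [], None
    for rel in (r for r in releases if r in best):
        if top and vercmp(best[rel], top[1]) < 0:
            skew.append((top[0], top[1], rel, best[rel]))
        else:
            top = (rel, best[rel])
    return skew
```

Calling `find_skew(TABLE, RELEASES)` on the table from the report returns the single wheezy to jessie regression.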