CVSS2 | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

AI Score Confidence: High
EPSS Percentile: 92.6%

Package : eglibc
Version : 2.11.3-4+deb6u8
CVE ID : not assigned yet
Debian Bug : 803927
The strxfrm() function is vulnerable to integer overflows when computing
memory allocation sizes (similar to CVE-2012-4412). Furthermore, since
it falls back to using alloca() when malloc() fails, it is vulnerable to
stack-based buffer overflows (similar to CVE-2012-4424).
Those issues have been fixed in Debian 6 Squeeze with eglibc
2.11.3-4+deb6u8. We recommend that you upgrade libc6 and other
packages provided by eglibc.
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
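
The bug class the advisory describes (a wrapped allocation-size computation, followed by a stack fallback when the heap allocation fails) is shown below as an added example. It is not eglibc's code or the Debian patch; `PER_CHAR` and the function names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed per-character bookkeeping cost (illustrative, not taken from eglibc). */
#define PER_CHAR (sizeof(int32_t) + 1)

/* Unchecked form: the product wraps modulo SIZE_MAX + 1 for large len,
   so a huge input can yield a tiny buffer size. */
size_t work_size_unchecked(size_t len)
{
    return (len + 1) * PER_CHAR;
}

/* Checked form: returns 0 and stores the size, or -1 if it would overflow. */
int work_size_checked(size_t len, size_t *out)
{
    if (len == SIZE_MAX)                /* len + 1 would wrap to 0 */
        return -1;
    if (len + 1 > SIZE_MAX / PER_CHAR)  /* the multiplication would wrap */
        return -1;
    *out = (len + 1) * PER_CHAR;
    return 0;
}

/* Hardened allocation: reject overflowing sizes and report malloc() failure
   to the caller. There is no alloca() fallback, because a stack allocation
   of attacker-influenced size has no failure signal at all. */
void *alloc_work_buffer(size_t len)
{
    size_t bytes;
    if (work_size_checked(len, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    size_t len = SIZE_MAX / PER_CHAR, bytes = 0;  /* constructed oversized length */
    printf("unchecked size for len=%zu: %zu bytes\n", len, work_size_unchecked(len));
    printf("checked: %s\n", work_size_checked(len, &bytes) ? "rejected" : "accepted");
    return 0;
}
```

Callers of `alloc_work_buffer()` must treat `NULL` as a hard error and return it upward rather than retrying on the stack.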
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | eglibc-source | < 2.11.3-4+deb6u8 | eglibc-source_2.11.3-4+deb6u8_all.deb |
Debian | 6 | amd64 | libc6-dev | < 2.11.3-4+deb6u8 | libc6-dev_2.11.3-4+deb6u8_amd64.deb |
Debian | 6 | amd64 | libc6 | < 2.11.3-4+deb6u8 | libc6_2.11.3-4+deb6u8_amd64.deb |
Debian | 6 | i386 | libc-bin | < 2.11.3-4+deb6u8 | libc-bin_2.11.3-4+deb6u8_i386.deb |
Debian | 6 | i386 | libc6-prof | < 2.11.3-4+deb6u8 | libc6-prof_2.11.3-4+deb6u8_i386.deb |
Debian | 6 | i386 | libc6-xen | < 2.11.3-4+deb6u8 | libc6-xen_2.11.3-4+deb6u8_i386.deb |
Debian | 6 | amd64 | libc6-udeb | < 2.11.3-4+deb6u8 | libc6-udeb_2.11.3-4+deb6u8_amd64.deb |
Debian | 6 | i386 | libnss-dns-udeb | < 2.11.3-4+deb6u8 | libnss-dns-udeb_2.11.3-4+deb6u8_i386.deb |
Debian | 6 | i386 | libnss-files-udeb | < 2.11.3-4+deb6u8 | libnss-files-udeb_2.11.3-4+deb6u8_i386.deb |
Debian | 6 | amd64 | nscd | < 2.11.3-4+deb6u8 | nscd_2.11.3-4+deb6u8_amd64.deb |