Arch Linux Security Advisory ASA-201502-8
=========================================

Severity: High
Date    : 2015-02-09
CVE-ID  : CVE-2015-1472 CVE-2015-1473
Package : glibc
Type    : multiple issues
Remote  : possible (still under investigation)
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package glibc before version 2.21-1 has multiple issues that could be
exploitable.

Resolution
==========

Upgrade to 2.21-1

# pacman -Syu "glibc>=2.21-1"

The problems have been fixed upstream in version 2.21.

Workaround
==========

None.

Description
===========

glibc has multiple issues, including heap and stack overflows, that could be
exploitable. The heap and stack overflows are possible in the swscanf
function.

Impact
======

The issue is still under investigation. It is not clear whether the issue is
exploitable. If it is, this could result in various exploits in every piece
of software that uses glibc, including remote code execution or local
exploits for gaining root access.

References
==========

https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2015-1472
https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2015-1473
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
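The Resolution section above names the fixed package release (2.21-1). The following is an added example, not part of the advisory or of Arch's own tooling: a small Python script that reads the installed glibc version from `pacman -Q glibc` and reports whether it is older than the fixed release. The version comparison is a simplified model of pacman's `vercmp` (epoch, then numeric pkgver fields, then pkgrel); it is enough for glibc's numeric version strings but is an assumption that does not cover every alphanumeric case pacman handles. The `installed_glibc_version` helper returns `None` when pacman is not present, so the script runs harmlessly on non-Arch hosts.

```python
"""Check whether the installed Arch glibc is older than the release fixed in
ASA-201502-8 (glibc 2.21-1).

Added example, not part of the advisory.  The version ordering implemented
here is a simplified model of pacman's vercmp (assumption): epoch first, then
dot-separated numeric pkgver fields, then pkgrel.
"""
import re
import shutil
import subprocess

FIXED_VERSION = "2.21-1"  # fixed release named in the advisory


def parse_version(ver):
    """Split 'epoch:pkgver-pkgrel' into a comparable (epoch, fields, pkgrel) tuple."""
    epoch = 0
    if ":" in ver:
        epoch_str, ver = ver.split(":", 1)
        epoch = int(epoch_str)
    pkgrel = 0
    if "-" in ver:
        ver, rel_str = ver.rsplit("-", 1)
        pkgrel = int(re.match(r"\d+", rel_str).group())
    # Numeric fields compare lexicographically; a shorter prefix sorts lower,
    # so 2.21 < 2.21.1, which matches what we need for glibc's versions.
    fields = [int(x) for x in re.findall(r"\d+", ver)]
    return (epoch, fields, pkgrel)


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    ka, kb = parse_version(a), parse_version(b)
    return (ka > kb) - (ka < kb)


def is_affected(installed, fixed=FIXED_VERSION):
    """True when the installed glibc is older than the fixed release."""
    return compare_versions(installed, fixed) < 0


def installed_glibc_version():
    """Query pacman for the installed glibc version; None if pacman is unavailable."""
    if shutil.which("pacman") is None:
        return None
    result = subprocess.run(["pacman", "-Q", "glibc"],
                            capture_output=True, text=True)
    if result.returncode != 0:
        return None
    # pacman -Q prints "glibc <version>"
    parts = result.stdout.split()
    return parts[1] if len(parts) >= 2 else None


if __name__ == "__main__":
    ver = installed_glibc_version()
    if ver is None:
        print("pacman not available or glibc not installed; nothing to check")
    elif is_affected(ver):
        print(f"glibc {ver} is affected by ASA-201502-8; "
              f"upgrade to >= {FIXED_VERSION}")
    else:
        print(f"glibc {ver} is not affected (>= {FIXED_VERSION})")
```

Run it as `python3 check_glibc.py` on an Arch host; the exit text states whether the installed package is older than 2.21-1. Because the check compares package versions rather than probing swscanf behaviour, it is safe to run in inventory or configuration-management jobs across a fleet.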