Arch Linux Security Advisory ASA-201508-7 ========================================= Severity: Low Date : 2015-08-16 CVE-ID : CVE-2014-8121 Package : glibc Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package glibc before version 2.22-1 is vulnerable to denial of service. Resolution ========== Upgrade to 2.22-1. # pacman -Syu "glibc>=2.22-1" The problem has been fixed upstream in version 2.22. Workaround ========== None. Description =========== It was found that the files backend of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. Impact ====== A remote attacker might be able to force a vulnerable application to enter an infinite loop, thus causing denial of service. References ========== https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8121 https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html https://bugzilla.redhat.com/show_bug.cgi?id=1165192