Arch Linux Security Advisory ASA-201602-22 ========================================== Severity: Medium Date : 2016-02-28 CVE-ID : CVE-2014-9761 Package : lib32-glibc Type : unbound stack usage Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-glibc before version 2.23-1 is vulnerable to unbound stack usage. Resolution ========== Upgrade to 2.23-1. # pacman -Syu "lib32-glibc>=2.23-1" The problem has been fixed upstream in version 2.23. Workaround ========== None. Description =========== - CVE-2014-9761 (unbound stack usage) The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions. Impact ====== An attacker has an easy job with stack based exploits. References ========== https://access.redhat.com/security/cve/CVE-2014-9761 http://seclists.org/oss-sec/2016/q1/153