[arch-security] [ASA-201508-7] glibc: denial of service
rgacogne at archlinux.org
Sun Aug 16 12:07:51 UTC 2015
Arch Linux Security Advisory ASA-201508-7
Date : 2015-08-16
CVE-ID : CVE-2014-8121
Package : glibc
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package glibc before version 2.22-1 is vulnerable to denial of service.
Upgrade to 2.22-1.
# pacman -Syu "glibc>=2.22-1"
The problem has been fixed upstream in version 2.22.
It was found that the files backend of Name Service Switch (NSS) did not
isolate iteration over an entire database from key-based look-up API
calls. An application performing look-ups on a database while iterating
over it could enter an infinite loop, leading to a denial of service.
A remote attacker might be able to force a vulnerable application to
enter an infinite loop, thus causing denial of service.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the arch-security