[arch-security] [ASA-201502-8] glibc: multiple issues
chris.rebischke at gmail.com
Mon Feb 9 04:35:56 UTC 2015
Arch Linux Security Advisory ASA-201502-8
Date : 2015-02-09
CVE-ID : CVE-2015-1472 CVE-2015-1473
Package : glibc
Type : multiple issues
Remote : possible (still under investigation)
Link : https://wiki.archlinux.org/index.php/CVE
The package glibc before version 2.21-1 has multiple issues that could be
Upgrade to 2.21-1
# pacman -Syu "glibc>=2.21-1"
The problems have been fixed upstream in version 2.21.
glibc has multiple issues including heap- and stack overflows that could be
exploitable. The heap- and stack-overflow is possible in the swscanf function.
The issue is still under investigation. It's not clear if the issue is
exploitable. In case of 'yes' this could result in various exploits in every
software that uses glibc. This includes remote-code-execution or
local exploits for gaining root access.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: not available
More information about the arch-security