[arch-security] CVE-2015-0235 "ghost"

Remi Gacogne rgacogne at archlinux.org
Tue Jan 27 16:30:43 UTC 2015


A critical vulnerability has been found in glibc [1] in the form of a
heap buffer overflow in the gethostbyname() and gethostbyname2() calls.
It may allow a remote attacker to execute arbitrary code.

Arch Linux does not seem vulnerable because we use a recent glibc
version, which includes a patch [2] for this issue.
This seems confirmed by the test case included with the fix [3].

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=15014
