[arch-security] [ASA-201511-4] nspr: arbitrary code execution
rgacogne at archlinux.org
Fri Nov 6 12:16:32 UTC 2015
Arch Linux Security Advisory ASA-201511-4
Date : 2015-11-06
CVE-ID : CVE-2015-7183
Package : nspr
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package nspr before version 4.10.10-1 is vulnerable to arbitrary
Upgrade to 4.10.10-1.
# pacman -Syu "nspr>=4.10.10-1"
The problem has been fixed upstream in version 4.10.10.
A logic bug in the handling of large allocations would allow
exceptionally large allocations to be reported as successful, without
actually allocating the requested memory. This may allow attackers to
bypass security checks and obtain control of arbitrary memory.
A remote attacker can execute arbitrary code on the affected host.
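
The advisory does not give the details of the logic bug. As an added illustration that is not part of the advisory and is not NSPR's code, the block below shows one common form this class of bug takes: a bounds check whose size addition wraps, so an oversized request is reported as successful, beside a check that cannot wrap. The arena layout and the names `arena_t`, `arena_alloc_flawed`, `arena_alloc_checked` and `demo` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bump arena (not NSPR's own structures): free space is [avail, limit). */
typedef struct {
    uintptr_t avail;  /* address of the next free byte */
    uintptr_t limit;  /* one past the last byte of the arena */
} arena_t;

/* Flawed check: avail + nb can wrap around the address space. The wrapped
 * sum lands below limit, so a huge request is reported as successful even
 * though no such memory exists. */
static int arena_alloc_flawed(arena_t *a, size_t nb, uintptr_t *out) {
    uintptr_t end = a->avail + nb;   /* unsigned wrap on oversized nb */
    if (end > a->limit) return 0;
    *out = a->avail;
    a->avail = end;
    return 1;
}

/* Hardened check: compare the request with the space that remains.
 * limit - avail never wraps because avail <= limit is an invariant. */
static int arena_alloc_checked(arena_t *a, size_t nb, uintptr_t *out) {
    if (nb > a->limit - a->avail) return 0;
    *out = a->avail;
    a->avail += nb;
    return 1;
}

/* Constructed scenario: a fresh 4 KiB arena and one request of nb bytes.
 * Returns 1 if the allocator reports success, 0 if it refuses. */
static int demo(int use_checked, size_t nb) {
    static unsigned char backing[4096];
    arena_t a = { (uintptr_t)backing, (uintptr_t)backing + sizeof backing };
    uintptr_t p = 0;
    return use_checked ? arena_alloc_checked(&a, nb, &p)
                       : arena_alloc_flawed(&a, nb, &p);
}

int main(void) {
    size_t huge = SIZE_MAX - 16;  /* constructed oversized request */
    printf("flawed  accepts huge request: %d\n", demo(0, huge));
    printf("checked accepts huge request: %d\n", demo(1, huge));
    printf("checked accepts 64 bytes:     %d\n", demo(1, 64));
    return 0;
}
```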