[arch-security] [ASA-201602-7] libbsd: denial of service
Chris.Rebischke at archlinux.org
Thu Feb 4 20:30:21 UTC 2016
Arch Linux Security Advisory ASA-201602-7
Date : 2016-02-04
CVE-ID : CVE-2016-2090
Package : libbsd
Type : denial of service
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
The package libbsd before version 0.8.2-1 is vulnerable to denial of
service due to a buffer overflow in the fgetwln() function.
Upgrade to 0.8.2-1.
# pacman -Syu "libbsd>=0.8.2-1"
The problem has been fixed upstream in version 0.8.2.
- CVE-2016-2090 (buffer overflow)
libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An "if" checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of bounds
A local attacker might be able to crash the application.
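The off-by-one growth check described above, next to a corrected one, as an added example that is not libbsd's source. All names (grow_off_by_one, grow_correct, first_oob_index) and the sample line are constructed for illustration, and the out-of-bounds store is detected and reported rather than performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Growth checks for a buffer of `cap` elements with `used` already stored. */
static int grow_off_by_one(size_t used, size_t cap) { return !cap || used > cap; }
static int grow_correct(size_t used, size_t cap)    { return !cap || used >= cap; }

/*
 * Copy one line (up to and including L'\n') from `in` into a growable buffer,
 * doubling the capacity whenever `need_grow` says so. An out-of-bounds store
 * is detected instead of executed: returns its index, or -1 if none occurred.
 */
static long first_oob_index(const wchar_t *in, size_t n, size_t init_cap,
                            int (*need_grow)(size_t, size_t))
{
    wchar_t *buf = NULL;
    size_t cap = 0, used = 0;
    long oob = -1;

    for (size_t i = 0; i < n; i++) {
        if (need_grow(used, cap)) {
            size_t ncap = cap ? cap * 2 : init_cap;
            wchar_t *p = realloc(buf, ncap * sizeof(*p));
            if (p == NULL)
                break;          /* allocation failed: stop, nothing written */
            buf = p;
            cap = ncap;
        }
        if (used >= cap) {      /* the store below would land past the end */
            oob = (long)used;
            break;
        }
        buf[used++] = in[i];
        if (in[i] == L'\n')
            break;
    }
    free(buf);
    return oob;
}

int main(void)
{
    const wchar_t line[] = L"abcdefgh\n";   /* constructed sample input */
    size_t n = sizeof(line) / sizeof(line[0]) - 1;
    printf("off-by-one check: %ld\n", first_oob_index(line, n, 4, grow_off_by_one));
    printf("correct check:    %ld\n", first_oob_index(line, n, 4, grow_correct));
    return 0;
}
```

A line that fits in the initial capacity never reaches the faulty comparison, so the defect only shows up on lines longer than the buffer.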