[arch-security] [ASA-201602-23] lib32-glibc: unbound stack usage
Chris.Rebischke at archlinux.org
Sun Feb 28 01:19:47 UTC 2016
Arch Linux Security Advisory ASA-201602-22
Date : 2016-02-28
CVE-ID : CVE-2014-9761
Package : lib32-glibc
Type : unbound stack usage
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package lib32-glibc before version 2.23-1 is vulnerable to unbound stack
Upgrade to 2.23-1.
# pacman -Syu "lib32-glibc>=2.23-1"
The problem has been fixed upstream in version 2.23.
- CVE-2014-9761 (unbound stack usage)
The nan, nanf and nanl functions no longer have unbounded stack usage
depending on the length of the string passed as an argument to the
An attacker has an easy job with stack based exploits.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the arch-security