Please fix CVE-2012-0864 in precise
Bug #953171 reported by
Steve Beattie
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| eglibc (Ubuntu) | Fix Released | High | Adam Conrad | |
Bug Description
CVE-2012-0864 was addressed in 1396-1 for releases prior to precise, but still needs to be addressed in precise.
From the USN text:
It was discovered that the GNU C Library vfprintf() implementation contained a possible integer overflow in the format string protection code offered by FORTIFY_SOURCE. An attacker could use this flaw in conjunction with a format string vulnerability to bypass the format string protection and possibly execute arbitrary code.
Upstream commit is http://
(debdiff forthcoming)
Changed in eglibc (Ubuntu):
importance: Undecided → High
assignee: nobody → Canonical Foundations Team (canonical-foundations)
Changed in eglibc (Ubuntu):
status: New → In Progress
Changed in eglibc (Ubuntu):
milestone: none → ubuntu-12.04-beta-2
tags: added: rls-p-tracking
Changed in eglibc (Ubuntu):
assignee: Canonical Foundations Team (canonical-foundations) → Adam Conrad (adconrad)
For the record, bzr reports the packaging branch for eglibc is out of date. Here is a debdiff to fix this issue and bug 901716. Confirmed to build on precise/amd64.