* SECURITY UPDATE: arbitrary code execution via long strings
(LP: #507939)
- src/thbrk/brk-maximal.c: validate size of n_brk_pos before malloc.
- src/thbrk/thbrk.c: validate size of n_brk_pos before malloc, and
perform error checking.
- Patches from Debian DSA-1971-1
- CVE-2009-4012
-- Marc Deslauriers <email address hidden> Fri, 15 Jan 2010 08:21:40 -0500
This bug was fixed in the package libthai - 0.1.12-1ubuntu0.2
---------------
libthai (0.1.12-1ubuntu0.2) karmic-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via long strings brk-maximal. c: validate size of n_brk_pos before malloc.
(LP: #507939)
- src/thbrk/
- src/thbrk/thbrk.c: validate size of n_brk_pos before malloc, and
perform error checking.
- Patches from Debian DSA-1971-1
- CVE-2009-4012
-- Marc Deslauriers <email address hidden> Fri, 15 Jan 2010 08:21:40 -0500