Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.
3be887081cfadc048cd5dd2fed5fc98110f1b24cf929e8adeeecd9c308657613Debian Linux Security Advisory 3142-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
26074a481751614ed048aa65c68c0f68a31ac03ddd5cb0a7c9feb7060aa253caUbuntu Security Notice 2432-1 - Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. Various other issues were also addressed.
ee9a58bff9d011d6367f3b45438ca35803c8316ec24d9da327b4cbbe7f9d4442Mandriva Linux Security Advisory 2014-175 - When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults. Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library allows context-dependent attackers to cause a denial of service or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364). The updated packages have been patched to correct these issues.
f3306f4d40c605cd5282642a6815dd2da169dca7f32fb2e4796c7ec5dcb10aa7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed