Frugalware Let's make things frugal!
Package: glibc
Date: 2015-02-26
Posted by: kikadf
Vulnerable version: 2.19-4
Unaffected version: 2.19-5rigel1
Bug tracker entry:
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1473
Description: The vfprintf function in stdio-common/vfprintf.c in the GNU C Library does not "properly restrict the use of" the alloca function when allocating the SPECS array. The getnetbyname function in glibc 2.21 or earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name. Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer.
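
The getnetbyname issue described above only applies when the DNS backend is active for network lookups, so one way to triage a host before upgrading is to check the networks entry of its Name Service Switch configuration. The script below is an added example, not part of the Frugalware advisory or of glibc; the function names and verdict strings are made up for illustration, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): does the "networks" database in an
# nsswitch.conf file list the dns service?

# Print the services configured for "networks", one per line.
# Comments and [STATUS=action] items are stripped first.
networks_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]/ /g' "$1" |
    awk '{
        line = tolower($0)
        if (line !~ /^[ \t]*networks[ \t]*:/) next
        sub(/^[^:]*:/, "", line)
        n = split(line, svc, /[ \t]+/)
        for (i = 1; i <= n; i++) if (svc[i] != "") print svc[i]
    }'
}

# Print one verdict for the given file (verdict names are hypothetical):
#   dns-enabled        networks: lists dns (the precondition described above)
#   dns-not-listed     networks: is set and dns is absent
#   no-networks-entry  no networks: services found, the library default applies
check_networks_dns() {
    sources=$(networks_sources "$1")
    if [ -z "$sources" ]; then
        echo "no-networks-entry"
    elif printf '%s\n' "$sources" | grep -qx 'dns'; then
        echo "dns-enabled"
    else
        echo "dns-not-listed"
    fi
}

# Constructed sample configuration, used so the example runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
hosts:     files dns
networks:  files [NOTFOUND=return] dns   # trailing comment
EOF
echo "sample: $(check_networks_dns "$sample")"
rm -f "$sample"
# On a real system: check_networks_dns /etc/nsswitch.conf
```

A "dns-enabled" verdict on the vulnerable package version means the host meets the configuration precondition; the fix remains upgrading to the unaffected version listed above.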