CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.975 High
Percentile: 100.0%

Package : eglibc
Version : 2.11.3-4+deb6u4
CVE ID : CVE-2015-0235

A vulnerability has been fixed in eglibc, Debian's version of the GNU C
library:

CVE-2015-0235

Qualys discovered that the gethostbyname and gethostbyname2
functions were subject to a buffer overflow if provided with a
crafted IP address argument. This could be used by an attacker to
execute arbitrary code in processes which called the affected
functions.

The original glibc bug was reported by Peter Klotz.

We recommend that you upgrade your eglibc packages.

The other three CVEs fixed in Debian wheezy via DSA 3142-1 have already been
fixed in squeeze LTS via DLA 97-1.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | all | eglibc | < 2.13-38+deb7u7 | eglibc_2.13-38+deb7u7_all.deb |
Debian | 7 | powerpc | libc6-pic | < 2.13-38+deb7u7 | libc6-pic_2.13-38+deb7u7_powerpc.deb |
Debian | 7 | kfreebsd-i386 | libc0.1 | < 2.13-38+deb7u7 | libc0.1_2.13-38+deb7u7_kfreebsd-i386.deb |
Debian | 7 | powerpc | locales-all | < 2.13-38+deb7u7 | locales-all_2.13-38+deb7u7_powerpc.deb |
Debian | 6 | amd64 | libc-dev-bin | < 2.11.3-4+deb6u4 | libc-dev-bin_2.11.3-4+deb6u4_amd64.deb |
Debian | 7 | ia64 | libc-dev-bin | < 2.13-38+deb7u7 | libc-dev-bin_2.13-38+deb7u7_ia64.deb |
Debian | 7 | kfreebsd-amd64 | nscd | < 2.13-38+deb7u7 | nscd_2.13-38+deb7u7_kfreebsd-amd64.deb |
Debian | 7 | s390x | libc6-prof | < 2.13-38+deb7u7 | libc6-prof_2.13-38+deb7u7_s390x.deb |
Debian | 7 | amd64 | libc6-pic | < 2.13-38+deb7u7 | libc6-pic_2.13-38+deb7u7_amd64.deb |
Debian | 7 | mips | libc6 | < 2.13-38+deb7u7 | libc6_2.13-38+deb7u7_mips.deb |