[SECURITY] [DLA 316-1] eglibc security update

Package : eglibc
Version : 2.11.3-4+deb6u7
CVE ID : CVE-2014-8121
Bug-Reference : 779587

Several vulnerabilities have been discovered in eglibc that
may lead to a privilege escalation or denial of service.

Glibc pointer guarding weakness

A weakness in the dynamic loader prior has been found. The issue is
that the LD_POINTER_GUARD in the environment is not sanitized
allowing local attackers easily to bypass the pointer guarding
protection on set-user-ID and set-group-ID programs.

Potential application crash due to overread in fnmatch

When processing certain malformed patterns, fnmatch can skip over the
NUL byte terminating the pattern. This can potentially result in an
application crash if fnmatch hits an unmapped page before
encountering a NUL byte.

_IO_wstr_overflow integer overflow

A miscalculation in _IO_wstr_overflow could potentially be exploited
to overflow a buffer.

CVE-2014-8121

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS)
in GNU C Library (aka glibc or libc6) 2.21 and earlier does not
properly check if a file is open, which allows remote attackers to
cause a denial of service (infinite loop) by performing a look-up
while the database is iterated over the database, which triggers the
file pointer to be reset.

For the oldoldstable distribution (squeeze), these problems have been fixed
in version 2.11.3-4+deb6u7.

We recommend that you update your packages.

Attachment:
signature.asc
Description: Digital signature