[SECURITY] [DLA 992-1] eglibc security update

2017-06-19T19:56:42
ID DEBIAN:DLA-992-1:4C2E8
Type debian
Reporter Debian
Modified 2017-06-19T19:56:42

Description

Package : eglibc Version : 2.13-38+deb7u12 CVE ID : CVE-2017-1000366

The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For Debian 7 "Wheezy", these problems have been fixed in version 2.13-38+deb7u12.

We recommend that you upgrade your eglibc packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS