Lucene search

K
osvGoogleOSV:DLA-494-1
HistoryMay 30, 2016 - 12:00 a.m.

eglibc - security update

2016-05-3000:00:00
Google
osv.dev
25

EPSS

0.038

Percentile

92.0%

Several vulnerabilities have been fixed in the Debian GNU C Library,
eglibc:

  • CVE-2016-1234
    Alexander Cherepanov discovered that the glibc’s glob implementation
    suffered from a stack-based buffer overflow when it was called with the
    GLOB_ALTDIRFUNC flag and encountered a long file name.
  • CVE-2016-3075
    The getnetbyname implementation in nss_dns was susceptible to a stack
    overflow and a crash if it was invoked on a very long name.
  • CVE-2016-3706
    Michael Petlan reported that getaddrinfo copied large amounts of address
    data to the stack, possibly leading to a stack overflow. This complements
    the fix for CVE-2013-4458.

For Debian 7 Wheezy, these problems have been fixed in version
2.13-38+deb7u11.

We recommend you to upgrade your eglibc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system, and frequently asked questions can be
found at: <https://wiki.debian.org/LTS&gt;