Advisories » MGASA-2015-0072

Updated glibc packages fix security vulnerabilities

Publication date: 17 Feb 2015
Modification date: 17 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1472 , CVE-2015-1473

Description

Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472).

The incorrect use of "__libc_use_alloca (newsize)" caused a different
(and weaker) policy to be enforced which could allow a denial of service
attack (CVE-2015-1473).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15259
• http://www.openwall.com/lists/oss-security/2015/02/04/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1473

SRPMS

4/core

• glibc-2.18-9.9.mga4