Source: glibc
Version: 2.19-18+deb8u1
Severity: important
Tags: patch security

Dear Maintainer,

GNU C Library (glibc) contains integer overflows in the enlarge_userbuf() and _IO_wstr_overflow() functions in libio/wstrops.c. These issues are triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Versions <= 2.22 are affected.

References:
https://bugs.gentoo.org/show_bug.cgi?id=541246
https://bugzilla.redhat.com/show_bug.cgi?id=1195762
https://sourceware.org/bugzilla/show_bug.cgi?id=17269
http://seclists.org/oss-sec/2015/q1/646

Patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
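
An added illustration of the bug class this report describes (not glibc's code and not part of the original report): the size arithmetic for growing a wide-character buffer, once unchecked and once with overflow checks before allocation. The growth policy (double plus 100 elements) and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Assumed growth policy for this example: new_len = 2 * old_len + 100 elements. */

/* Unchecked: both steps are unsigned arithmetic that wraps silently. */
size_t grow_bytes_unchecked(size_t old_len) {
    size_t new_len = 2 * old_len + 100;
    return new_len * sizeof(wchar_t);
}

/* Checked: 0 and *out_bytes on success, -1 if either step would wrap. */
int grow_bytes_checked(size_t old_len, size_t *out_bytes) {
    if (old_len > (SIZE_MAX - 100) / 2)
        return -1;                       /* element count would wrap */
    size_t new_len = 2 * old_len + 100;
    if (new_len > SIZE_MAX / sizeof(wchar_t))
        return -1;                       /* byte count would wrap */
    *out_bytes = new_len * sizeof(wchar_t);
    return 0;
}

/* Grow a heap wide-char buffer; NULL on overflow or OOM, old buffer untouched. */
wchar_t *grow_wbuf(wchar_t *old, size_t old_len, size_t *new_len_out) {
    size_t bytes;
    if (grow_bytes_checked(old_len, &bytes) != 0)
        return NULL;
    wchar_t *p = malloc(bytes);
    if (p == NULL)
        return NULL;
    if (old_len > 0)
        wmemcpy(p, old, old_len);        /* copy old contents into the larger buffer */
    free(old);
    *new_len_out = bytes / sizeof(wchar_t);
    return p;
}

int main(void) {
    /* Constructed input: an element count whose grown byte size exceeds SIZE_MAX. */
    size_t big = SIZE_MAX / sizeof(wchar_t) / 2, bytes = 0;
    printf("unchecked bytes: %zu\n", grow_bytes_unchecked(big));
    printf("checked result:  %d\n", grow_bytes_checked(big, &bytes));
    return 0;
}
```

With the unchecked form the byte count wraps to a small value, so the allocation is far smaller than the element count the caller goes on to use, which is the condition that leads to the heap-based overflow described above.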

