CVE-2011-1071
Published: 8 April 2011
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
Priority
Status
Package | Release | Status |
---|---|---|
eglibc (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
eglibc | hardy | Does not exist |
eglibc | karmic | Ignored (end of life) |
eglibc | lucid | Released (2.11.1-0ubuntu7.10) |
eglibc | maverick | Released (2.12.1-0ubuntu10.4) |
eglibc | natty | Not vulnerable (2.13-0ubuntu13) |
eglibc | oneiric | Not vulnerable (2.13-0ubuntu13) |
eglibc | upstream | Released (2.12.2) |
glibc (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
glibc | hardy | Released (2.7-10ubuntu8.1) |
glibc | karmic | Does not exist |
glibc | lucid | Does not exist |
glibc | maverick | Does not exist |
glibc | natty | Does not exist |
glibc | oneiric | Does not exist |
glibc | upstream | Released (2.12.2) |

Patches (eglibc):
upstream: http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6
upstream: http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485

Patches (glibc):
upstream: http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6
upstream: http://sourceware.org/git/?p=glibc.git;a=commit;h=8126d90480fa3e0c5c5cd0d02cb1c93174b45485