CVE-2014-4043

Published: 13 June 2014

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
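Caller-side view of the lifetime issue described above, as an added example (not glibc or Ubuntu code): the path buffer is kept alive until posix_spawn() has run, which is safe whether or not the library copied it. The helper name spawn_redirected and the use of /bin/sh are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Hypothetical helper: run `/bin/sh -c cmd` with stdout redirected to out_path.
 * Returns the child's exit status, or -1 on any error. */
int spawn_redirected(const char *out_path, const char *cmd)
{
    posix_spawn_file_actions_t fa;
    pid_t pid;
    int status = -1;
    char *argv[] = { "sh", "-c", (char *)cmd, NULL };

    /* Paths are often built in a short-lived heap buffer like this one. */
    char *path = malloc(strlen(out_path) + 1);
    if (path == NULL)
        return -1;
    strcpy(path, out_path);
    if (posix_spawn_file_actions_init(&fa) != 0) {
        free(path);
        return -1;
    }
    int rc = posix_spawn_file_actions_addopen(&fa, STDOUT_FILENO, path,
                                              O_WRONLY | O_CREAT | O_TRUNC, 0600);
    /* POSIX allows free(path) at this point. glibc before 2.20 kept only the
     * pointer, so the later posix_spawn() would have read freed memory. */
    if (rc == 0)
        rc = posix_spawn(&pid, "/bin/sh", &fa, NULL, argv, environ);

    /* Free the path only after posix_spawn() has consumed the actions. */
    posix_spawn_file_actions_destroy(&fa);
    free(path);
    if (rc != 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = spawn_redirected("/dev/null", "exit 0");
    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```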

Priority

Low

Status

Package: eglibc (Launchpad, Ubuntu, Debian)
  Upstream: Released (2.19-2)
  Ubuntu 14.04 ESM (Trusty Tahr): Released (2.19-0ubuntu6.1)
  Patches:
    Upstream: https://sourceware.org/git/?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362 (p1)
    Upstream: https://sourceware.org/git/?p=glibc.git;h=35a5e3e338ae17f3d42c60a708763c5d498fb840 (p2)

Package: glibc (Launchpad, Ubuntu, Debian)
  Upstream: Released (2.19-2)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist