CVE-2014-4043
Published: 13 June 2014
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
Priority
Status
Package | Release | Status |
---|---|---|
eglibc Launchpad, Ubuntu, Debian |
lucid |
Released
(2.11.1-0ubuntu7.14)
|
precise |
Released
(2.15-0ubuntu10.6)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Released
(2.19-0ubuntu6.1)
|
|
upstream |
Released
(2.19-2)
|
|
Patches: upstream: https://sourceware.org/git/?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362 (p1) upstream: https://sourceware.org/git/?p=glibc.git;h=35a5e3e338ae17f3d42c60a708763c5d498fb840 (p2) |
||
glibc Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.19-2)
|