[ MDVSA-2015:039 ] glibc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:039
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : glibc
 Date    : February 10, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in glibc:
 
 Heap-based buffer overflow in the __nss_hostname_digits_dots
 function in glibc 2.2, and other 2.x versions before 2.18, allows
 context-dependent attackers to execute arbitrary code via vectors
 related to the (1) gethostbyname or (2) gethostbyname2 function,
 aka GHOST. (CVE-2015-0235)
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin

Leave a Reply