Candidate: CVE-2018-7409
PublicDate: 2018-02-22 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7409
 http://www.unixodbc.org/unixODBC-2.3.5.tar.gz
 https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/ChangeLog/download
Description:
 In unixODBC before 2.3.5, there is a buffer overflow in the
 unicode_to_ansi_copy() function in DriverManager/__info.c.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891596
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_unixodbc:
 upstream: https://sourceforge.net/p/unixodbc/code/136/
 upstream: https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
upstream_unixodbc: released (2.3.5)
precise/esm_unixodbc: ignored (end of ESM support, was needed)
trusty_unixodbc: ignored (reached end-of-life)
trusty/esm_unixodbc: needed
xenial_unixodbc: ignored (end of standard support, was needed)
esm-infra/xenial_unixodbc: needed
artful_unixodbc: ignored (reached end-of-life)
bionic_unixodbc: released (2.3.4-1.1ubuntu3)
cosmic_unixodbc: released (2.3.4-1.1ubuntu3)
disco_unixodbc: released (2.3.4-1.1ubuntu3)
eoan_unixodbc: released (2.3.4-1.1ubuntu3)
focal_unixodbc: released (2.3.4-1.1ubuntu3)
groovy_unixodbc: released (2.3.4-1.1ubuntu3)
hirsute_unixodbc: released (2.3.4-1.1ubuntu3)
impish_unixodbc: released (2.3.4-1.1ubuntu3)
jammy_unixodbc: released (2.3.4-1.1ubuntu3)
devel_unixodbc: released (2.3.4-1.1ubuntu3)