CVE-2015-8776 (retired)

Priority
Description
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23
allows context-dependent attackers to cause a denial of service
(application crash) or possibly obtain sensitive information via an
out-of-range time value.
Ubuntu-Description
Adam Nielsen discovered that the strftime function in the GNU C
Library did not properly handle out-of-range argument data. An
attacker could use this to cause a denial of service (application
crash) or possibly expose sensitive information.
Notes
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):released (2.15-0ubuntu10.14)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.23-0ubuntu1)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
More Information

Updated: 2019-10-09 07:54:27 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)