CVE-2015-8982

Priority
Medium
Description
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or
libc6) before 2.21 allows context-dependent attackers to cause a denial of
service (crash) or possibly execute arbitrary code via a long string, which
triggers a stack-based buffer overflow.
Ubuntu-Description
It was discovered that the GNU C Library incorrectly handled the
strxfrm() function. An attacker could use this issue to cause a
denial of service or possibly execute arbitrary code.
Package
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): released (2.19-0ubuntu6.10)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 17.04 (Zesty Zapus): DNE
Package
Source: glibc
Upstream: released (2.21)
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Core 15.04: not-affected (2.21-0ubuntu4)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.23-0ubuntu3)
Ubuntu 17.04 (Zesty Zapus): not-affected (2.23-0ubuntu3)

Updated: 2017-08-11 23:54:10 UTC (commit 13081)