CVE-2016-1234

Priority
Low
Description
Stack-based buffer overflow in the glob implementation in GNU C Library
(aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows
context-dependent attackers to cause a denial of service (crash) via a long
name.
Ubuntu-Description
Alexander Cherepanov discovered a stack-based buffer overflow in the
glob implementation of the GNU C Library. An attacker could use this
to specially craft a directory layout and cause a denial of service.
References
Bugs
Notes
 sbeattie> see glibc bug for reproducer
 sbeattie> requires malicious fs layout
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):released (2.15-0ubuntu10.16)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.19-0ubuntu6.10)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:released (2.24)
Ubuntu 17.10 (Artful Aardvark):not-affected (2.24-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:needed
Ubuntu 16.04 LTS (Xenial Xerus):released (2.23-0ubuntu6)
Ubuntu 17.04 (Zesty Zapus):not-affected (2.24-0ubuntu1)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea
More Information

Updated: 2017-08-11 23:19:41 UTC (commit 13081)