CVE-2012-4412
Publication date 9 October 2013
Last updated 24 July 2024
Ubuntu priority
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
Status
Package | Ubuntu Release | Status |
---|---|---|
eglibc | 13.10 saucy |
Fixed 2.17-93ubuntu2
|
13.04 raring |
Fixed 2.17-0ubuntu5.1
|
|
12.10 quantal |
Fixed 2.15-0ubuntu20.2
|
|
12.04 LTS precise |
Fixed 2.15-0ubuntu10.5
|
|
11.10 oneiric | Ignored end of life | |
11.04 natty | Ignored end of life | |
10.04 LTS lucid |
Fixed 2.11.1-0ubuntu7.13
|
|
8.04 LTS hardy | Not in release | |
glibc | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Ignored end of life |
Patch details
Package | Patch details |
---|---|
eglibc |
References
Related Ubuntu Security Notices (USN)
- USN-1991-1
- GNU C Library vulnerabilities
- 21 October 2013