[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Patches] eglibc CVE-2011-2702

To: "patches@xxxxxxxxxx" <patches@xxxxxxxxxx>
Subject: [Patches] eglibc CVE-2011-2702
From: CT Security Vulnerability Monitoring <svm.ct@xxxxxxxxxxx>
Date: Wed, 29 Oct 2014 11:10:34 +0000

Hi,

has the security vulnerability CVE-2011-2702 has been fixed in any eglibc release yet?

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2702

Description:

“Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.”

I couldn’t find the CVE number in any eglibc release note.

with best regards,

Nilss Lode

Siemens ProductCERT

Siemens AG

Corporate Technology

Otto-Hahn-Ring 6

81739 Munich, Germany

Email: svm.ct@xxxxxxxxxxx

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Hermann Requardt, Siegfried Russwurm, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322

_______________________________________________
Patches mailing list
Patches@xxxxxxxxxx
http://eglibc.org/cgi-bin/mailman/listinfo/patches

Follow-Ups:
- Re: [Patches] eglibc CVE-2011-2702
  - From: Joseph S. Myers

Prev by Date: Re: [Patches] Any users of EGLIBC release branches?
Next by Date: Re: [Patches] eglibc CVE-2011-2702
Previous by thread: Re: [Patches] Any users of EGLIBC release branches?
Next by thread: Re: [Patches] eglibc CVE-2011-2702
Index(es):
- Date
- Thread