[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Patches] eglibc CVE-2011-2702



Hi,
 
has the security vulnerability CVE-2011-2702 has been fixed in any eglibc release yet?
 
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2702
 
Description:
“Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.”
 
I couldn’t find the CVE number in any eglibc release note.
 
with best regards,
 
Nilss Lode
Siemens ProductCERT
 
Siemens AG
Corporate Technology
Otto-Hahn-Ring 6
81739 Munich, Germany
Email: svm.ct@xxxxxxxxxxx
 
Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Hermann Requardt, Siegfried Russwurm, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322

 
 
 
_______________________________________________
Patches mailing list
Patches@xxxxxxxxxx
http://eglibc.org/cgi-bin/mailman/listinfo/patches