Descubierto bug de ejecucion remota en glibc

https://cve.mitre.org/cgi-bin/cvename.c ... -2015-0235

Aun no hay informacion publica, pero bonito bonito bug. @melado ten a mano el update xD

Aqui algo mas de info: https://bugzilla.redhat.com/show_bug.cg ... -2015-0235

A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.


EDIT: Estado de paquetes en debian

https://security-tracker.debian.org/tra ... -2015-0235
0 respuestas