SUSE-RU-2015:0794-1

Source
https://www.suse.com/support/update/announcement/2015/suse-ru-20150794-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2015:0794-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-RU-2015:0794-1
Related
Published
2014-08-29T01:15:58Z
Modified
2014-08-29T01:15:58Z
Summary
Security update for glibc
Details

This glibc update fixes a critical privilege escalation problem and two non-security issues:

* bnc#892073: An off-by-one error leading to a heap-based buffer
  overflow was found in __gconv_translit_find(). An exploit that
  targets the problem is publicly available. (CVE-2014-5119)
* bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv.
* bnc#888347: printf-multibyte-format.patch: Don't parse %s format
  argument as multi-byte string.

Security Issues:

* CVE-2014-5119
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>
References

Affected packages