Debian Long Term Support / LTS Security Information / 2017 / Security Information -- DLA-992-1 eglibc

Debian Security Advisory

DLA-992-1 eglibc -- LTS security update

Date Reported:

19 Jun 2017

Affected Packages:

eglibc

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-1000366.

More information:

The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For Debian 7 Wheezy, these problems have been fixed in version 2.13-38+deb7u12.

We recommend that you upgrade your eglibc packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS