Source: glibc
Version: 2.19-18
Severity: grave
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=18203

Hi glibc maintainers,

the following vulnerability was published for glibc, filing as grave due to the privilege escalation potential, but by default in Debian unprivileged userns clone is not enabled, so the attack is reduced. The issue should, we think, preferably be fixed in a point release.

CVE-2018-1000001[0]: Libc Realpath Buffer Underflow

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000001
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001
[1] http://www.openwall.com/lists/oss-security/2018/01/11/5
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=18203
[3] https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/

Regards,
Salvatore