This bug was fixed in the package eglibc - 2.11.1-0ubuntu7.11

---------------
eglibc (2.11.1-0ubuntu7.11) lucid-security; urgency=low

  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
      handling positional parameters in printf.
    - CVE-2012-3404
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3405.patch: fix extension of array
    - CVE-2012-3405
  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to void integer overflows
    - CVE-2012-3480
  * debian/patches/any/strtod_overflow_bug7066.patch: Fix array
    overflow in floating point parser triggered by applying patch for
    CVE-2012-3480
  * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i486-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i386,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i686,
    debian/testsuite-checking/expected-results-i686-linux-gnu-xen,
    debian/testsuite-checking/expected-results-sparc64-linux-gnu-sparc64:
    update for pre-existing testsuite failures that prevents FTBFS
    when the testsuite is enabled.
 -- Steve Beattie <[email protected]>   Fri, 28 Sep 2012 23:48:21 -0700

** Changed in: eglibc (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3480

** Changed in: glibc (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1031301

Title:
  Exploit for unpatched CVE reported in wild.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1031301/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to