[kernel-xen] CVE-2015-0235 / RHSA-2015:0092
Steven Haigh
netwiz at crc.id.au
Wed Jan 28 11:48:08 AEDT 2015
As an FYI - Not Xen specific - but nasty enough that everyone should be
aware of this...
A heap-based buffer overflow was found in __nss_hostname_digits_dots(),
which is used by the gethostbyname() and gethostbyname2() glibc function
call. A remote attacker could use this flaw to execute arbitary code
with the permissions of the user running the application.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
https://rhn.redhat.com/errata/RHSA-2015-0092.html
--
Steven Haigh
Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.wireless.org.au/pipermail/kernel-xen/attachments/20150128/c5ba59ff/attachment.sig>
More information about the kernel-xen
mailing list