
CVE-2011-2702

Published: 20 July 2011

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
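A caller-side guard against the condition described above, as an added example (not code from glibc, eglibc or the Ubuntu tracker). The record format and the names `checked_copy`, `copy_payload` and `unchecked_length` are hypothetical; the point is that a length computed by subtraction can go negative and must be rejected before it reaches `memcpy`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record format (assumption): 2-byte tag, 2-byte big-endian
 * total length that includes this 4-byte header, then the payload. */
#define HDR_LEN 4

/* Validate a signed length before it is converted to size_t for memcpy. */
static int checked_copy(void *dst, size_t dst_cap,
                        const void *src, size_t src_avail, long len)
{
    if (len < 0)                       /* would wrap to a huge size_t */
        return -ERANGE;
    if ((size_t)len > dst_cap || (size_t)len > src_avail)
        return -ERANGE;
    memcpy(dst, src, (size_t)len);
    return 0;
}

/* Returns the payload length on success, a negative errno value on failure. */
long copy_payload(unsigned char *out, size_t out_cap,
                  const unsigned char *rec, size_t rec_len)
{
    if (rec_len < HDR_LEN)
        return -EINVAL;
    long total = ((long)rec[2] << 8) | rec[3];
    long payload = total - HDR_LEN;    /* negative when total < HDR_LEN */
    int rc = checked_copy(out, out_cap, rec + HDR_LEN, rec_len - HDR_LEN, payload);
    return rc ? rc : payload;
}

/* The value memcpy would receive if the signed length were cast unchecked. */
size_t unchecked_length(long payload) { return (size_t)payload; }

int main(void)
{
    unsigned char out[8];
    const unsigned char ok[]  = { 'T', 'G', 0x00, 0x07, 'a', 'b', 'c' };
    const unsigned char bad[] = { 'T', 'G', 0x00, 0x02, 'a', 'b', 'c' };
    printf("ok  -> %ld\n", copy_payload(out, sizeof out, ok, sizeof ok));
    printf("bad -> %ld\n", copy_payload(out, sizeof out, bad, sizeof bad));
    printf("unchecked cast of -2 -> %zu\n", unchecked_length(-2));
    return 0;
}
```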

Notes

Author    Note
jdstrand  Ubuntu 10.10 has the corrected code

Priority

Medium

Status

Package: glibc (Launchpad, Ubuntu, Debian)

Release   Status
upstream  Needs triage
hardy     Not vulnerable (code-not-present)
lucid     Does not exist
maverick  Does not exist
natty     Does not exist
oneiric   Does not exist

Patches:
other: http://sourceware.org/git/?p=glibc.git;a=commit;h=a0ac24d98ace90d1ccba6a2f3e7d55600f2fdb6e

Package: eglibc (Launchpad, Ubuntu, Debian)

Release   Status
upstream  Needs triage
hardy     Does not exist
lucid     Released (2.11.1-0ubuntu7.10)
maverick  Not vulnerable
natty     Not vulnerable
oneiric   Not vulnerable

Patches:
upstream: http://www.eglibc.org/cgi-bin/viewvc.cgi?view=rev&revision=10032