[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
integer overflow in xdr_array function in glibc
From: |
Andrew Marlow |
Subject: |
integer overflow in xdr_array function in glibc |
Date: |
Mon, 05 Aug 2002 13:03:00 +0100 |
CERT has reported a security vunerability in Sun's XDR library. The same
code is apparently in the GNU glib library. Here is the article that Sun
published about it:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46122&zone_32=category%3Asecurity
and here's what CERT have to say:
http://www.kb.cert.org/vuls/id/192995
CERT say that this has been reported to GNU glib developers but I can see
no record of it. They also say that GNU has not responded. I thought I
would report it just in case it's been missed. I only came across this by
chance because I browse CERT every now and then.
I would be grateful if the GNU glib developers could look into this and
report what they find one way or the other. If this has already been fixed
then when the bug receives wider news coverage it would be good for people
to know GNU are handling it.
Regards,
Andrew Marlow.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- integer overflow in xdr_array function in glibc,
Andrew Marlow <=