Resource Management Errors Affecting glibc package, versions <2.7-8
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN11-GLIBC-521729
- published 17 Mar 2008
- disclosed 17 Mar 2008
Introduced: 17 Mar 2008
CVE-2008-1367 Open this link in a new tabHow to fix?
Upgrade Debian:11 glibc to version 2.7-8 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Debian.
See How to fix? for Debian:11 relevant fixed versions and status.
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
References
- https://security-tracker.debian.org/tracker/CVE-2008-1367
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
- http://marc.info/?l=git-commits-head&m=120492000901739&w=2
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51
- http://lists.vmware.com/pipermail/security-announce/2008/000023.html
- http://lkml.org/lkml/2008/3/5/207
- http://lwn.net/Articles/272048/#Comments
- http://www.vupen.com/english/advisories/2008/2222/references
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108
- https://bugzilla.redhat.com/show_bug.cgi?id=437312
- http://rhn.redhat.com/errata/RHSA-2008-0508.html
- http://secunia.com/advisories/30110
- http://secunia.com/advisories/30116
- http://secunia.com/advisories/30818
- http://secunia.com/advisories/30850
- http://secunia.com/advisories/30890
- http://secunia.com/advisories/30962
- http://secunia.com/advisories/31246
- http://www.securityfocus.com/bid/29084
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41340
- http://www.redhat.com/support/errata/RHSA-2008-0211.html
- http://www.redhat.com/support/errata/RHSA-2008-0233.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51