|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for klibc (DLA-2695-1)|
|Summary:||The remote host is missing an update for the 'klibc' package(s) announced via the DLA-2695-1 advisory.|
Several vulnerabilities have been discovered in klibc. Depending on
how klibc is used, these could lead to the execution of arbitrary
code, privilege escalation, or denial of service.
Thanks to Microsoft Vulnerability Research for reporting the heap bugs
and going some of the way to identifying the cpio bugs.
Multiplication in the calloc() function may result in an integer
overflow and a subsequent heap buffer overflow.
An integer overflow in the cpio command may result in a NULL
Multiple possible integer overflows in the cpio command on 32-bit
systems may result in a buffer overflow or other security impact.
Additions in the malloc() function may result in an integer overflow
and a subsequent heap buffer overflow.
'klibc' package(s) on Debian Linux.
For Debian 9 stretch, these problems have been fixed in version
We recommend that you upgrade your klibc packages.
Common Vulnerability Exposure (CVE) ID: CVE-2021-31870
Common Vulnerability Exposure (CVE) ID: CVE-2021-31871
Common Vulnerability Exposure (CVE) ID: CVE-2021-31872
Common Vulnerability Exposure (CVE) ID: CVE-2021-31873
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|