CVE-2014-0475
eglibc - security update
EPSS 0.78%
Description
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
How to fix CVE-2014-0475
To remediate CVE-2014-0475, upgrade the affected package to a fixed version below.
- Debian/eglibc—upgrade to 2.11.3-4+deb6u1 or later
- Debian/eglibc—upgrade to 2.13-38+deb7u3 or later
- —upgrade to 2.19-6 or later
Is CVE-2014-0475 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.11.3-4+deb6u1
- from 0, < 2.13-38+deb7u3
- from 0, < 2.19-6