CVE-2014-5119 — eglibc - security update

Description

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

How to fix CVE-2014-5119

To remediate CVE-2014-5119, upgrade the affected package to a fixed version below.

Debian/eglibc—upgrade to 2.13-38+deb7u4 or later
Debian/glibc—upgrade to 2.19-10 or later

Is CVE-2014-5119 being exploited?

Moderate — EPSS is 21.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 2.13-38+deb7u4
from 0, < 2.19-10

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-5119