|
|
Subscribe / Log in / New account

Arch Linux alert ASA-201802-14 (unixodbc)



From:
    	      Levente Polyak <anthraxx@archlinux.org> 


To:
    	      arch-security@archlinux.org 


Subject:
    	      [ASA-201802-14] unixodbc: arbitrary code execution 


Date:
    	      Sat, 24 Feb 2018 01:46:30 +0100


Message-ID:
    	      <57ebd6a8-e890-6a10-3dca-03314306a65d@archlinux.org>


Arch Linux Security Advisory ASA-201802-14
==========================================

Severity: High
Date    : 2018-02-23
CVE-ID  : CVE-2018-7409
Package : unixodbc
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-627

Summary
=======

The package unixodbc before version 2.3.5-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 2.3.5-1.

# pacman -Syu "unixodbc>=2.3.5-1"

The problem has been fixed upstream in version 2.3.5.

Workaround
==========

None.

Description
===========

In unixODBC before 2.3.5, there is a buffer overflow in the
unicode_to_ansi_copy() function in DriverManager/__info.c possibly
leading to arbitrary code execution.

Impact
======

A remote attacker is able to execute arbitrary code on the affected
host.

References
==========

https://security.archlinux.org/CVE-2018-7409
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds