Security: Integer overflow in glibc
Name: Integer overflow in glibc
ID: FEDORA-2012-2162
Distribution: Fedora
Platforms: Fedora 16
Date: Sun, 26 February 2012, 08:08
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864
Applications: GNU C library

Original message

Name        : glibc
Product     : Fedora 16
Version     : 2.14.90
Release     : 24.fc16.6
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

Avoid "nargs" integer overflow which can be used to bypass FORTIFY_SOURCE protections.
Revert changes for 552960, they're still causing problems.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 20 2012 Jeff Law <law@redhat.com> - 2.14.90-24.fc16.6
- Avoid "nargs" integer overflow which could be used to bypass FORTIFY_SOURCE (#794797)
- Disable 552960/769421 patches again, they're still not right.
* Fri Feb 10 2012 Jeff Law <law@redhat.com> - 2.14.90-24.fc16.5
- Fix lost wakeups in pthread_cond_*. (#552960, #769421)
- Define x86_64 feraiseexcept inline only under __USE_EXTERN_INLINES (#769993).
* Thu Dec 22 2011 Jeff Law <law@redhat.com> - 2.14.90-24.fc16.4
- Revert change for 552960, it's causing multiple problems.
* Sun Dec 18 2011 Jeff Law <law@redhat.com> - 2.14.90-24.fc16.3
- Check values from TZ file header (#767696)
- Handle EAGAIN from FUTEX_WAIT_REQUEUE_PI (#552960)
- Add {dist}.#
- Correct return value from pthread_create when stack allocation fails. (#767746)
* Wed Dec 7 2011 Jeff Law <law@redhat.com> - 2.14.90-23
- Fix a wrong constant in powerpc hypot implementation (#750811)
- Truncate time values in Linux futimes when falling back to utime
* Mon Dec 5 2011 Jeff Law <law@redhat.com> - 2.14.90-22
- Mark fortified __FD_ELT as extension (#761021)
- Fix typo in manual (#708455)
* Wed Nov 30 2011 Jeff Law <law@redhat.com> - 2.14.90-21
- Don't fail in makedb if SELinux is disabled (#750858)
- Fix access after end of search string in regex matcher (#757887)
* Mon Nov 28 2011 Jeff Law <law@redhat.com> - 2.14.90-20
- Drop lock before calling malloc_printerr (#757881)
* Fri Nov 18 2011 Jeff Law <law@redhat.com> - 2.14.90-19
- Check malloc arena atomically (BZ#13071)
- Don't call reused_arena when _int_new_arena failed (#753601)
* Wed Nov 16 2011 Jeff Law <law@redhat.com> - 2.14.90-18
- Fix grouping and reuse other locales in various locales (BZ#13147)
* Tue Nov 15 2011 Jeff Law <law@redhat.com> - 2.14.90-17
  Revert bogus commits/rebasing of Nov 14, Nov 11 and Nov 8. Sources
  should be equivalent to Fedora 16's initial release.
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.14.90-15
- Rebuilt for glibc bug#747377
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #794797 - CVE-2012-0864 glibc: F_S format string protection bypass via "nargs" integer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=794797
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce