Security: Multiple issues in eglibc and glibc (update)
Name: Multiple issues in eglibc and glibc (update)
ID: USN-1589-2
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS
Date: Mon, 17 December 2012, 15:48
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
Update of: Multiple issues in eglibc and glibc

Original message

==========================================================================
Ubuntu Security Notice USN-1589-2
December 17, 2012

glibc regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

USN-1589-1 exposed a regression in the GNU C Library floating point parser.

Software Description:
- glibc: GNU C Library

Details:

USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates
exposed a regression in the floating point parser. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that positional arguments to the printf() family
of functions were not handled properly in the GNU C Library. An
attacker could possibly use this to cause a stack-based buffer
overflow, creating a denial of service or possibly execute arbitrary
code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

It was discovered that multiple integer overflows existed in the
strtod(), strtof() and strtold() functions in the GNU C Library. An
attacker could possibly use this to trigger a stack-based buffer
overflow, creating a denial of service or possibly execute arbitrary
code. (CVE-2012-3480)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 8.04 LTS:
libc6 2.7-10ubuntu8.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1589-2
http://www.ubuntu.com/usn/usn-1589-1
CVE-2012-3480

Package Information:
https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.3


