Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Zwei Probleme in glibc
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in glibc
ID: FEDORA-2015-2845
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mi, 4. März 2015, 16:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817

Originalnachricht

Name        : glibc
Product : Fedora 20
Version : 2.18
Release : 19.fc20
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

-------------------------------------------------------------------------------
-
Update Information:

- Fix CVE-2014-6040: crash in code page decoding functions (IBM933, IBM935,
IBM937, IBM939, IBM1364)

- Fix CVE-2014-7817: command execution in wordexp() with WRDE_NOCMD specified
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Feb 27 2015 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-19
- wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, #1167569).
* Mon Feb 23 2015 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-18
- Crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1135842).
* Wed Oct 1 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-17
- Fix lll_unlock twice in pthread_cond_broadcast (#1104400).
* Fri Sep 26 2014 Carlos O'Donell <carlos@redhat.com> - 2.18-16
- Disable lock elision support for Intel hardware until microcode
updates can be done in early bootup (#1146967).
* Tue Aug 26 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-15
- Fix failing tst-setlocale3 (#rh1118581).
* Tue Aug 26 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-14
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
* Thu Feb 6 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-13
- Add pointer mangling support for ARM (#1019452).
* Thu Jan 23 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-12
- Use first name entry for address in /etc/hosts as the canonical name
in getaddrinfo (#1047979).
- Fix parsing of 0e+0 as float (#1055613).
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1157689 - CVE-2014-7817 glibc: command execution in wordexp() with
WRDE_NOCMD specified
https://bugzilla.redhat.com/show_bug.cgi?id=1157689
[ 2 ] Bug #1135841 - CVE-2014-6040 glibc: crash in code page decoding
functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
https://bugzilla.redhat.com/show_bug.cgi?id=1135841
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung