drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in glibc
Name: |
Zwei Probleme in glibc |
|
ID: |
FEDORA-2015-2845 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 20 |
|
Datum: |
Mi, 4. März 2015, 16:39 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
Name : glibc Product : Fedora 20 Version : 2.18 Release : 19.fc20 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
------------------------------------------------------------------------------- - Update Information:
- Fix CVE-2014-6040: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
- Fix CVE-2014-7817: command execution in wordexp() with WRDE_NOCMD specified ------------------------------------------------------------------------------- - ChangeLog:
* Fri Feb 27 2015 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-19 - wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, #1167569). * Mon Feb 23 2015 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-18 - Crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1135842). * Wed Oct 1 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-17 - Fix lll_unlock twice in pthread_cond_broadcast (#1104400). * Fri Sep 26 2014 Carlos O'Donell <carlos@redhat.com> - 2.18-16 - Disable lock elision support for Intel hardware until microcode updates can be done in early bootup (#1146967). * Tue Aug 26 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-15 - Fix failing tst-setlocale3 (#rh1118581). * Tue Aug 26 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-14 - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, * Thu Feb 6 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-13 - Add pointer mangling support for ARM (#1019452). * Thu Jan 23 2014 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.18-12 - Use first name entry for address in /etc/hosts as the canonical name in getaddrinfo (#1047979). - Fix parsing of 0e+0 as float (#1055613). ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1157689 - CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified https://bugzilla.redhat.com/show_bug.cgi?id=1157689 [ 2 ] Bug #1135841 - CVE-2014-6040 glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) https://bugzilla.redhat.com/show_bug.cgi?id=1135841 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update glibc' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|