
Security: Integer overflow in glibc
Name: Integer overflow in glibc
ID: FEDORA-2012-2162
Distribution: Fedora
Platforms: Fedora 16
Date: Sun, 26 February 2012, 08:08
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864
Applications: GNU C library

Original message

Name        : glibc
Product     : Fedora 16
Version     : 2.14.90
Release     : 24.fc16.6
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

Avoid "nargs" integer overflow which can be used to bypass
FORTIFY_SOURCE protections.

Revert changes for 552960, they're still causing problems.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 20 2012 Jeff Law <law@redhat.com> - 2.14.90-24.fc16.6
- Avoid "nargs" integer overflow which could be used to bypass
FORTIFY_SOURCE (#794797)
- Disable 552960/769421 patches again, they're still not right.
* Fri Feb 10 2012 Jeff Law <law@redhat.com> - 2.14.90-24.fc16.5
- Fix lost wakeups in pthread_cond_*. (#552960, #769421)
- Define x86_64 feraiseexcept inline only under __USE_EXTERN_INLINES
(#769993).
* Thu Dec 22 2011 Jeff Law <law@redhat.com> - 2.14.90-24.fc16.4
- Revert change for 552960, it's causing multiple problems.
* Sun Dec 18 2011 Jeff Law <law@redhat.com> - 2.14.90-24.fc16.3
- Check values from TZ file header (#767696)
- Handle EAGAIN from FUTEX_WAIT_REQUEUE_PI (#552960)
- Add {dist}.#
- Correct return value from pthread_create when stack allocation fails.
(#767746)
* Wed Dec 7 2011 Jeff Law <law@redhat.com> - 2.14.90-23
- Fix a wrong constant in powerpc hypot implementation (#750811)
- Truncate time values in Linux futimes when falling back to utime
* Mon Dec 5 2011 Jeff Law <law@redhat.com> - 2.14.90-22
- Mark fortified __FD_ELT as extension (#761021)
- Fix typo in manual (#708455)
* Wed Nov 30 2011 Jeff Law <law@redhat.com> - 2.14.90-21
- Don't fail in makedb if SELinux is disabled (#750858)
- Fix access after end of search string in regex matcher (#757887)
* Mon Nov 28 2011 Jeff Law <law@redhat.com> - 2.14.90-20
- Drop lock before calling malloc_printerr (#757881)
* Fri Nov 18 2011 Jeff Law <law@redhat.com> - 2.14.90-19
- Check malloc arena atomically (BZ#13071)
- Don't call reused_arena when _int_new_arena failed (#753601)
* Wed Nov 16 2011 Jeff Law <law@redhat.com> - 2.14.90-18
- Fix grouping and reuse other locales in various locales (BZ#13147)
* Tue Nov 15 2011 Jeff Law <law@redhat.com> - 2.14.90-17
Revert bogus commits/rebasing of Nov 14, Nov 11 and Nov 8. Sources
should be equivalent to Fedora 16's initial release.
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.14.90-15
- Rebuilt for glibc bug#747377
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #794797 - CVE-2012-0864 glibc: F_S format string protection bypass
via "nargs" integer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=794797
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------