Multiple issues in eglibc and glibc
ID: | USN-1589-1 |
Distribution: | Ubuntu |
Platforms: | Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
Date: | Tue, 2 October 2012, 07:33 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480 |
Applications: | GNU C library, GNU C library |
Original message |
==========================================================================
Ubuntu Security Notice USN-1589-1
October 02, 2012

eglibc, glibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Multiple security issues were fixed in the GNU C Library.

Software Description:
- eglibc: GNU C Library
- glibc: GNU C Library

Details:

It was discovered that positional arguments to the printf() family of
functions were not handled properly in the GNU C Library. An attacker
could possibly use this to cause a stack-based buffer overflow, creating
a denial of service or possibly execute arbitrary code.
(CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

It was discovered that multiple integer overflows existed in the
strtod(), strtof() and strtold() functions in the GNU C Library. An
attacker could possibly use this to trigger a stack-based buffer
overflow, creating a denial of service or possibly execute arbitrary
code. (CVE-2012-3480)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  libc6 2.15-0ubuntu10.2

Ubuntu 11.10:
  libc6 2.13-20ubuntu5.2

Ubuntu 11.04:
  libc6 2.13-0ubuntu13.2

Ubuntu 10.04 LTS:
  libc6 2.11.1-0ubuntu7.11

Ubuntu 8.04 LTS:
  libc6 2.7-10ubuntu8.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1589-1
  CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480

Package Information:
  https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.2
  https://launchpad.net/ubuntu/+source/eglibc/2.13-20ubuntu5.2
  https://launchpad.net/ubuntu/+source/eglibc/2.13-0ubuntu13.2
  https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.11
  https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.2
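The following is an added example, not part of the Ubuntu notice: a fleet-inventory check that compares an installed libc6 version against the fixed versions listed in the update instructions above, using Debian version ordering (under which `7.8` sorts before `7.11`, unlike a plain string comparison). The function names and the inventory rows are constructed for illustration; only the `FIXED` table comes from the notice.

```python
import re

# Fixed libc6 versions per Ubuntu release, copied from USN-1589-1.
FIXED = {
    "12.04": "2.15-0ubuntu10.2",
    "11.10": "2.13-20ubuntu5.2",
    "11.04": "2.13-0ubuntu13.2",
    "10.04": "2.11.1-0ubuntu7.11",
    "8.04": "2.7-10ubuntu8.2",
}

def _order(c):
    # Debian ordering: '~' sorts before end-of-part (0), letters before other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _part_key(part):
    # Alternate non-digit runs (modified lexical order) and digit runs (numeric).
    return tuple((tuple(map(_order, text)) + (0,), int(num or 0))
                 for text, num in re.findall(r"([^0-9]*)([0-9]*)", part))

def deb_key(version):
    """Sort key for a Debian version string of the form [epoch:]upstream[-revision]."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"
    return int(epoch), _part_key(upstream), _part_key(revision)

def is_patched(release, installed):
    """True if `installed` libc6 is at or above the USN-1589-1 fix for `release`."""
    if release not in FIXED:
        raise ValueError("release not covered by USN-1589-1: " + release)
    return deb_key(installed) >= deb_key(FIXED[release])

if __name__ == "__main__":
    # Constructed inventory rows: (host, Ubuntu release, installed libc6 version).
    inventory = [
        ("web01", "12.04", "2.15-0ubuntu10.2"),
        ("db01", "10.04", "2.11.1-0ubuntu7.8"),
        ("old01", "8.04", "2.7-10ubuntu8"),
    ]
    for host, rel, ver in inventory:
        print(host, rel, ver, "patched" if is_patched(rel, ver) else "needs update")
```

A host reported as patched still runs the old library in already-started processes until the reboot the notice calls for.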