drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in eglibc und glibc
Name: |
Mehrere Probleme in eglibc und glibc |
|
ID: |
USN-1589-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
Datum: |
Di, 2. Oktober 2012, 07:33 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480 |
|
Applikationen: |
GNU C library, GNU C library |
|
Originalnachricht |
--===============2167244417704396704== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="LyciRD1jyfeSSjG0" Content-Disposition: inline
--LyciRD1jyfeSSjG0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-1589-1 October 02, 2012
eglibc, glibc vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
Multiple security issues were fixed in the GNU C Library.
Software Description: - eglibc: GNU C Library - glibc: GNU C Library
Details:
It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)
It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3480)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.2
Ubuntu 11.10: libc6 2.13-20ubuntu5.2
Ubuntu 11.04: libc6 2.13-0ubuntu13.2
Ubuntu 10.04 LTS: libc6 2.11.1-0ubuntu7.11
Ubuntu 8.04 LTS: libc6 2.7-10ubuntu8.2
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1589-1 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480
Package Information: https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.2 https://launchpad.net/ubuntu/+source/eglibc/2.13-20ubuntu5.2 https://launchpad.net/ubuntu/+source/eglibc/2.13-0ubuntu13.2 https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.11 https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.2
--LyciRD1jyfeSSjG0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJQangYAAoJEC8Jno0AXoH0N0gQAKS1bYdmKMVRXE0ggyvn9dVL D0ikrbaJO0zd8rSNylaJMWbrrBpdIrU6W5+FEfMuELU9qRfuOE9iiz0aD2EnkUz6 tc7fk0Qv3Zw48EX561QYVZQAP1eZkFCPtkfQrCB7mIwFz0/BeOEmpQlHbEf7gUNS IjkyP3T4db+/v6sOIHhKAoKs8WWLj6yUA4R7qAMVZzKU0+XPShcwAFVZLFt+a9Bp QWFx9slz/kflkADvZ3Lc/oeyIuUPp7zsWyTXHMvCVmBd0mfB/flfRaLtB/jD24rm aBJe2gi1Sv/1/oNMw1NQkSTxMCY+n0g7001PkUmsFru18GGBmfyy+3JeOAWSkqzB /TesSZyzyGWl+X5mXaGBnG2DzM4WShPYqBLHYRlV0VpHOktSCkzLjOr31hL5N09O 53J+GLsop/veqhY2UKH2FuCl8mUOVkw2vlEXhh9NMIOw13PbxGjhg4loHyKylLlp 6c6RWqbCzOt0lbpfGODW4Ayz3tgGaO27DmzArH7d4/EmF56XwCTgktnw2PVGjVzv FojgEGYS1oh/sg9Sf5Kr1iBSPVvBXD5Ni6gAYaQl2Pw8y6iJRLhyCbxoNCI6+Uv9 Zw0yrR9ZYgDRTF+Zz8yD+GoOij+65ClfFD3qd+Ao4RJ6DxiuHmQGZN2MrelKLvRl UTpedVorljuZ+O7hfFLq =y8vD -----END PGP SIGNATURE-----
--LyciRD1jyfeSSjG0--
--===============2167244417704396704== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2167244417704396704==--
|
|
|
|