drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in glibc
Name: |
Mehrere Probleme in glibc |
|
ID: |
FEDORA-2013-15053 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Fr, 23. August 2013, 08:52 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
Name : glibc Product : Fedora 19 Version : 2.17 Release : 13.fc19 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
------------------------------------------------------------------------------- - Update Information:
glibc security update:
CVE-2012-4412 glibc: strcoll() integer overflow leading to buffer overflow
CVE-2012-4424 glibc: alloca() stack overflow in the strcoll() interface
CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures
CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal
CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
Fix for CVE-2013-2207 may break chroots if their devpts was not mounted correctly. Fix is to mount the devpts correctly with gid=5. ------------------------------------------------------------------------------- - ChangeLog:
* Mon Aug 19 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-13 - Fix stack overflow in getaddrinfo with many results (#947892, CVE-2013-1914). * Mon Aug 19 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-12 - Disable pt_chown (#984829, CVE-2013-2207). - Fix strcoll flaws (#855399, CVE-2012-4412, CVE-2012-4424). - Fix buffer overflow in readdir_r (#995841, CVE-2013-4237). * Tue Jun 25 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-11 - Fix libm performance regression due to set/restore rounding mode (#977887). * Tue Jun 25 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-10 - Preserve errno across _PC_CHOWN_RESTRICTED call on XFS (#977870). - Remove PIPE_BUF Linux-specific code (#977872). - Fix FPE in memusagestat when malloc utilization is zero (#977874). - Accept leading and trailing spaces in getdate input string (#977875). * Thu Jun 20 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-9 - Set EAI_SYSTEM only when h_errno is NETDB_INTERNAL (#958652). * Tue Jun 4 2013 Jeff Law <law@redhat.com> - 2.17-8 - Fix ESTALE error message (#966259) * Sun May 5 2013 Patsy Franklin <pfrankli@redhat.com> - 2.17-7 - Fix _nl_find_msg malloc failure case, and callers. (#959034). * Tue Apr 30 2013 Patsy Franklin <pfrankli@redhat.com> - 2.17-6 - Test init_fct for NULL, not result->__init_fct, after demangling (#952799). * Tue Apr 23 2013 Patsy Franklin <pfrankli@redhat.com> - 2.17-5 - Increase limits on xdr name and record requests (#892777). - Consistently MANGLE/DEMANGLE init_fct, end_fct and btow_fct (#952799). ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #995839 - CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters https://bugzilla.redhat.com/show_bug.cgi?id=995839 [ 2 ] Bug #855385 - CVE-2012-4412 glibc: strcoll() integer overflow leading to buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=855385 [ 3 ] Bug #976408 - CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal https://bugzilla.redhat.com/show_bug.cgi?id=976408 [ 4 ] Bug #947882 - CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures https://bugzilla.redhat.com/show_bug.cgi?id=947882 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update glibc' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|