Paketname
glibc
Datum
2011-11-25
Advisory ID
MDVSA-2011:179
Betroffene Versionen
2011 i586 , 2011 x86_64

Problembeschreibung

Multiple vulnerabilities was discovered and fixed in glibc:

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users
to trigger corruption of this file, as demonstrated by writes from
a process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).

crypt_blowfish before 1.1, as used in glibc on certain platforms,
does not properly handle 8-bit characters, which makes it easier
for context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

2011 i586

 dfd50f461cb6f307b28861853146961e  2011/i586/glibc-2.13-6.1-mdv2011.0.i586.rpm
 3128b74aaff36aea023ab2b7f04944fe  2011/i586/glibc-devel-2.13-6.1-mdv2011.0.i586.rpm
 dac62d6c3020180ace287b4e68af8d41  2011/i586/glibc-doc-2.13-6.1-mdv2011.0.i586.rpm
 b33f3c4f60b2f7e83c73bcdfae621298  2011/i586/glibc-doc-pdf-2.13-6.1-mdv2011.0.i586.rpm
 bb7ebd801da9537b5a6294178b84d529  2011/i586/glibc-i18ndata-2.13-6.1-mdv2011.0.i586.rpm
 d4af688906832f6fe7ce0318327ec7d9  2011/i586/glibc-profile-2.13-6.1-mdv2011.0.i586.rpm
 a36cac92c1d95a917722f3efc47d913d  2011/i586/glibc-static-devel-2.13-6.1-mdv2011.0.i586.rpm
 5cf50586154cfc0e644ad884f94ee0b3  2011/i586/glibc-utils-2.13-6.1-mdv2011.0.i586.rpm
 3c2e20f956724c1d68bd760ddd1bcd9d  2011/i586/nscd-2.13-6.1-mdv2011.0.i586.rpm 
 b1081b829cb6b3794ba6670768123e96  2011/SRPMS/glibc-2.13-6.1.src.rpm

2011 x86_64

 391fd990fbb899254466dced21383889  2011/x86_64/glibc-2.13-6.1-mdv2011.0.x86_64.rpm
 9f9c7f42f7b47e8e3bd64fd3bb16ffce  2011/x86_64/glibc-devel-2.13-6.1-mdv2011.0.x86_64.rpm
 c304129f1ddec2b85b598f1c5b1011f1  2011/x86_64/glibc-doc-2.13-6.1-mdv2011.0.x86_64.rpm
 99ac80802daaa951f3b29b6f35e52bdc  2011/x86_64/glibc-doc-pdf-2.13-6.1-mdv2011.0.x86_64.rpm
 e86e515f66a0a1c516c996640d5a9b63  2011/x86_64/glibc-i18ndata-2.13-6.1-mdv2011.0.x86_64.rpm
 75c612f1044a58d3c6ab2321eb24edc5  2011/x86_64/glibc-profile-2.13-6.1-mdv2011.0.x86_64.rpm
 885fa15b61932bfdd931ff1e65ff96bd  2011/x86_64/glibc-static-devel-2.13-6.1-mdv2011.0.x86_64.rpm
 1c2e24d5e0dc77afb47ed0a9ad1ae75c  2011/x86_64/glibc-utils-2.13-6.1-mdv2011.0.x86_64.rpm
 3c8ba07ade4bccefb17f4baa7420e67d  2011/x86_64/nscd-2.13-6.1-mdv2011.0.x86_64.rpm 
 b1081b829cb6b3794ba6670768123e96  2011/SRPMS/glibc-2.13-6.1.src.rpm

Referenzen