Package name
glibc
Date
2013-05-07
Advisory ID
MDVSA-2013:162
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in glibc:

Integer overflow in the vfprintf function in stdio-common/vfprintf.c
in glibc 2.14 and other versions allows context-dependent attackers to
bypass the FORTIFY_SOURCE protection mechanism, conduct format string
attacks, and write to arbitrary memory via a large number of arguments
(CVE-2012-0864).

Multiple errors in glibc's formatted printing functionality could
allow an attacker to bypass FORTIFY_SOURCE protections and execute
arbitrary code using a format string flaw in an application, even
though these protections are expected to limit the impact of such flaws
to an application abort (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406).

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold,
(4) strtod_l, and other unspecified related functions in stdlib in
GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a
denial of service (application crash) and possibly execute arbitrary
code via a long string, which triggers a stack-based buffer overflow
(CVE-2012-3480).

Buffer overflow in the extend_buffers function in the regular
expression matcher (posix/regexec.c) in glibc, possibly 2.17 and
earlier, allows context-dependent attackers to cause a denial of
service (memory corruption and crash) via crafted multibyte characters
(CVE-2013-0242).

Stack-based buffer overflow in the getaddrinfo function in
sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6)
2.17 and earlier allows remote attackers to cause a denial of service
(crash) via a (1) hostname or (2) IP address that triggers a large
number of domain conversion results (CVE-2013-1914).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 87712654b036070964fb35385f398279  mes5/i586/glibc-2.8-1.20080520.5.9mnb2.i586.rpm
 eae25c5265ca4d2dab2dbf8b0450b6a5  mes5/i586/glibc-devel-2.8-1.20080520.5.9mnb2.i586.rpm
 161b6288a6c2b13b299e6e7bdd699eae  mes5/i586/glibc-doc-2.8-1.20080520.5.9mnb2.i586.rpm
 08948383eccf30d736dfeaef53430eab  mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.9mnb2.i586.rpm
 6f1ae9e591ed477bf56c7a3a1f7770be  mes5/i586/glibc-i18ndata-2.8-1.20080520.5.9mnb2.i586.rpm
 7beb9227ce1bbff7fe2848b5fad3b4ca  mes5/i586/glibc-profile-2.8-1.20080520.5.9mnb2.i586.rpm
 2451007d981f0314f675e7edd387003b  mes5/i586/glibc-static-devel-2.8-1.20080520.5.9mnb2.i586.rpm
 e502bca8475975d9e2ce11eec93a10d2  mes5/i586/glibc-utils-2.8-1.20080520.5.9mnb2.i586.rpm
 63241c1d294d1972b3d12206e4d38eb3  mes5/i586/nscd-2.8-1.20080520.5.9mnb2.i586.rpm 
 641edd61d4e607e9ccd4c5b3c8c790ac  mes5/SRPMS/glibc-2.8-1.20080520.5.9mnb2.src.rpm

MES5 x86_64

 4c8e423f7ddc996f087e2fc304329b31  mes5/x86_64/glibc-2.8-1.20080520.5.9mnb2.x86_64.rpm
 e7d749c4c4ffdd3b8320ca4af0f1ed72  mes5/x86_64/glibc-devel-2.8-1.20080520.5.9mnb2.x86_64.rpm
 b5fb6b11ed3bb0ab2ad5168be6371457  mes5/x86_64/glibc-doc-2.8-1.20080520.5.9mnb2.x86_64.rpm
 f4392e4257f604bfb9baf17740e1cc7d  mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.9mnb2.x86_64.rpm
 0cddcf4e1d98b60c892ca22741b08d11  mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.9mnb2.x86_64.rpm
 301995478a3f943d5d0448cbc561e436  mes5/x86_64/glibc-profile-2.8-1.20080520.5.9mnb2.x86_64.rpm
 395f0f667999586e57e296c6b867e616  mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.9mnb2.x86_64.rpm
 0595e256f6c1e2f2c7f94cca21fd4f35  mes5/x86_64/glibc-utils-2.8-1.20080520.5.9mnb2.x86_64.rpm
 ea48c2685180f722187736bc8a624e58  mes5/x86_64/nscd-2.8-1.20080520.5.9mnb2.x86_64.rpm 
 641edd61d4e607e9ccd4c5b3c8c790ac  mes5/SRPMS/glibc-2.8-1.20080520.5.9mnb2.src.rpm

References