Package name
glibc
Date
2013-11-25
Advisory ID
MDVSA-2013:283
Affected versions
MBS1 x86_64

Problem description

Updated glibc packages fixes the following security issues:

Integer overflow in string/strcoll_l.c in the GNU C Library (aka
glibc or libc6) 2.17 and earlier allows context-dependent attackers
to cause a denial of service (crash) or possibly execute arbitrary
code via a long string, which triggers a heap-based buffer overflow
(CVE-2012-4412).

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library
(aka glibc or libc6) 2.17 and earlier allows context-dependent
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a long string that triggers a malloc failure and
use of the alloca function (CVE-2012-4424).

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not
properly check permissions for tty files, which allows local users
to change the permission on the files and obtain access to arbitrary
pseudo-terminals by leveraging a FUSE file system (CVE-2013-2207).
NOTE! This is fixed by removing pt_chown wich may break chroots if
their devpts was not mounted correctly (make sure to mount the devpts
correctly with gid=5).

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6)
2.18 and earlier allows context-dependent attackers to cause a
denial of service (out-of-bounds write and crash) or possibly
execute arbitrary code via a crafted (1) NTFS or (2) CIFS image
(CVE-2013-4237).

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka
glibc or libc6) 2.18 and earlier allow context-dependent attackers to
cause a denial of service (heap corruption) via a large value to the
(1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5)
aligned_alloc functions (CVE-2013-4332).

A stack (frame) overflow flaw, which led to a denial of service
(application crash), was found in the way glibc's getaddrinfo()
function processed certain requests when called with AF_INET6. A
similar flaw to CVE-2013-1914, this affects AF_INET6 rather than
AF_UNSPEC (CVE-2013-4458).

The PTR_MANGLE implementation in the GNU C Library (aka glibc or
libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not
initialize the random value for the pointer guard, which makes it
easier for context- dependent attackers to control execution flow by
leveraging a buffer-overflow vulnerability in an application and using
the known zero value pointer guard to calculate a pointer address
(CVE-2013-4788).

Other fixes in this update:
- Correct the processing of '\x80' characters in crypt_freesec.c
- fix typo in nscd.service

Updated packages

MBS1 x86_64

 55e626f90fc3cf28ab6ec66ab762b12f  mbs1/x86_64/glibc-2.14.1-12.2.mbs1.x86_64.rpm
 fece70755163abb58742056a4f4e3773  mbs1/x86_64/glibc-devel-2.14.1-12.2.mbs1.x86_64.rpm
 a84eb58b428b2413863c8b90af89ac25  mbs1/x86_64/glibc-doc-2.14.1-12.2.mbs1.noarch.rpm
 f1630ad8a642250f4d067b207cd86e91  mbs1/x86_64/glibc-doc-pdf-2.14.1-12.2.mbs1.noarch.rpm
 80aae07c11abca7d1aef77c8c6bb85d2  mbs1/x86_64/glibc-i18ndata-2.14.1-12.2.mbs1.x86_64.rpm
 681d1f18d54f927d1468d01431cdeee4  mbs1/x86_64/glibc-profile-2.14.1-12.2.mbs1.x86_64.rpm
 73c26fe8c0598539cbd8600b6ae5426c  mbs1/x86_64/glibc-static-devel-2.14.1-12.2.mbs1.x86_64.rpm
 6c966f5e50d38d244ed23595035be72d  mbs1/x86_64/glibc-utils-2.14.1-12.2.mbs1.x86_64.rpm
 d6b26cd43c42324daf59e75eabbc2db1  mbs1/x86_64/nscd-2.14.1-12.2.mbs1.x86_64.rpm 
 912e1f62eb8aeb0dd8745c83c1c97bb9  mbs1/SRPMS/glibc-2.14.1-12.2.mbs1.src.rpm

References