MDVSA-2011:178

Package name
glibc
Date
2011-11-25
Advisory ID
MDVSA-2011:178
Affected versions
MES5 i586 , MES5 x86_64 , 2010.1 i586 , 2010.1 x86_64

Problem description

Multiple vulnerabilities was discovered and fixed in glibc:

Multiple untrusted search path vulnerabilities in elf/dl-object.c in
certain modified versions of the GNU C Library (aka glibc or libc6),
including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
Enterprise Linux, allow local users to gain privileges via a crafted
dynamic shared object (DSO) in a subdirectory of the current working
directory during execution of a (1) setuid or (2) setgid program that
has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because
of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC
(EGLIBC) allow context-dependent attackers to execute arbitrary code
or cause a denial of service (memory consumption) via a long UTF8
string that is used in an fnmatch call, aka a stack extension attack,
a related issue to CVE-2010-2898, as originally reported for use of
this library by Google Chrome (CVE-2011-1071).

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users
to trigger corruption of this file, as demonstrated by writes from
a process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).

locale/programs/locale.c in locale in the GNU C Library (aka glibc
or libc6) before 2.13 does not quote its output, which might allow
local users to gain privileges via a crafted localization environment
variable, in conjunction with a program that executes a script that
uses the eval function (CVE-2011-1095).

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).

crypt_blowfish before 1.1, as used in glibc on certain platforms,
does not properly handle 8-bit characters, which makes it easier
for context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 73cffaaa03648c9eb01ed50b5fdd0cee  mes5/i586/glibc-2.8-1.20080520.5.8mnb2.i586.rpm
 5e9ec7d6e3f319b5076dd51506d47032  mes5/i586/glibc-devel-2.8-1.20080520.5.8mnb2.i586.rpm
 c80b37f1a750968735f8ce51c920e84e  mes5/i586/glibc-doc-2.8-1.20080520.5.8mnb2.i586.rpm
 7de1f541c2bf6e17a4f3007cad517140  mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.i586.rpm
 27a365665846989b629b0cb3fb15acfd  mes5/i586/glibc-i18ndata-2.8-1.20080520.5.8mnb2.i586.rpm
 3f2f68a0bc47bace3586919671c7f1b4  mes5/i586/glibc-profile-2.8-1.20080520.5.8mnb2.i586.rpm
 17019cf79cf3864c537e12aefd48a23d  mes5/i586/glibc-static-devel-2.8-1.20080520.5.8mnb2.i586.rpm
 7ad8f634ee4e0c5fc0f340dcfebcf0fb  mes5/i586/glibc-utils-2.8-1.20080520.5.8mnb2.i586.rpm
 53a5dc175995723322a13a7e3bbd6c41  mes5/i586/nscd-2.8-1.20080520.5.8mnb2.i586.rpm 
 6fcd77d9eac9fa71f91dcb1218afd628  mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm

MES5 x86_64

 33f73ece95aa39c59e0370449f13d3af  mes5/x86_64/glibc-2.8-1.20080520.5.8mnb2.x86_64.rpm
 626f8e4774270e50c5e9bf2bc7dfa64c  mes5/x86_64/glibc-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm
 c9d59258ac0fc0463c585405bb46327a  mes5/x86_64/glibc-doc-2.8-1.20080520.5.8mnb2.x86_64.rpm
 f81b494a1d394c48921c99983288c538  mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.x86_64.rpm
 1c972a49ecbfc91d0a156dd743894c14  mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.8mnb2.x86_64.rpm
 45aa431a8a9920d188698ae64fe5466d  mes5/x86_64/glibc-profile-2.8-1.20080520.5.8mnb2.x86_64.rpm
 ecf5dca4c8bc49c1e3ebeb2a698b38a3  mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm
 8de7d2dfa8ea598aac75faf24f606f13  mes5/x86_64/glibc-utils-2.8-1.20080520.5.8mnb2.x86_64.rpm
 7615c6e96903c8c146d5ae2d2912c6ee  mes5/x86_64/nscd-2.8-1.20080520.5.8mnb2.x86_64.rpm 
 6fcd77d9eac9fa71f91dcb1218afd628  mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm

2010.1 i586

 4af7f6efb12c5be3ad435a6d9865be57  2010.1/i586/glibc-2.11.1-8.3mnb2.i586.rpm
 82f97e43fc7ab7ee2fbfc92d9ed844f0  2010.1/i586/glibc-devel-2.11.1-8.3mnb2.i586.rpm
 013f4da3b270a6860e9ae171b456a488  2010.1/i586/glibc-doc-2.11.1-8.3mnb2.i586.rpm
 65da2025a253885a3a3e0699eb407a61  2010.1/i586/glibc-doc-pdf-2.11.1-8.3mnb2.i586.rpm
 e5b6f256bad2b8afa7674e2f4d3c80bc  2010.1/i586/glibc-i18ndata-2.11.1-8.3mnb2.i586.rpm
 319ecf5d08bc0e0aab9b0cf3e5cf6a6e  2010.1/i586/glibc-profile-2.11.1-8.3mnb2.i586.rpm
 99c144bfc7581d9f3b885c7a630c89ce  2010.1/i586/glibc-static-devel-2.11.1-8.3mnb2.i586.rpm
 966e023400d62e841942b69bae4d06de  2010.1/i586/glibc-utils-2.11.1-8.3mnb2.i586.rpm
 577f1f88b14add8ea8753b17d730cb8a  2010.1/i586/nscd-2.11.1-8.3mnb2.i586.rpm 
 2e1bffb07071cb21ef6363c21588f4b7  2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm

2010.1 x86_64

 05e4da86aea47726b27c00e3f26e3445  2010.1/x86_64/glibc-2.11.1-8.3mnb2.x86_64.rpm
 d3689fe0a7ae8e4c0e309b34c82cabfd  2010.1/x86_64/glibc-devel-2.11.1-8.3mnb2.x86_64.rpm
 b8be4de2a9c6a8e3effe06234429a227  2010.1/x86_64/glibc-doc-2.11.1-8.3mnb2.x86_64.rpm
 1ac19950a67c4ee965b0ae9d2d6a0396  2010.1/x86_64/glibc-doc-pdf-2.11.1-8.3mnb2.x86_64.rpm
 54031c917cb54a5abc42ebaf30dfe894  2010.1/x86_64/glibc-i18ndata-2.11.1-8.3mnb2.x86_64.rpm
 18c2a1354df2094a7508b1990420ab5b  2010.1/x86_64/glibc-profile-2.11.1-8.3mnb2.x86_64.rpm
 f8cef0d317c3ccbb5446672a1cf00ad6  2010.1/x86_64/glibc-static-devel-2.11.1-8.3mnb2.x86_64.rpm
 78b27e0739627abebc7c43fbf82e107b  2010.1/x86_64/glibc-utils-2.11.1-8.3mnb2.x86_64.rpm
 e37194682e8ef10c21a8d8483e76b3f4  2010.1/x86_64/nscd-2.11.1-8.3mnb2.x86_64.rpm 
 2e1bffb07071cb21ef6363c21588f4b7  2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm

References