Nom du paquet
glibc
Date
2013-11-25
Advisory ID
MDVSA-2013:284
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities was found and corrected in glibc:

Integer overflow in string/strcoll_l.c in the GNU C Library (aka
glibc or libc6) 2.17 and earlier allows context-dependent attackers
to cause a denial of service (crash) or possibly execute arbitrary
code via a long string, which triggers a heap-based buffer overflow
(CVE-2012-4412).

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library
(aka glibc or libc6) 2.17 and earlier allows context-dependent
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a long string that triggers a malloc failure and
use of the alloca function (CVE-2012-4424).

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka
glibc or libc6) 2.18 and earlier allow context-dependent attackers to
cause a denial of service (heap corruption) via a large value to the
(1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5)
aligned_alloc functions (CVE-2013-4332).

A stack (frame) overflow flaw, which led to a denial of service
(application crash), was found in the way glibc's getaddrinfo()
function processed certain requests when called with AF_INET6. A
similar flaw to CVE-2013-1914, this affects AF_INET6 rather than
AF_UNSPEC (CVE-2013-4458).

The PTR_MANGLE implementation in the GNU C Library (aka glibc or
libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not
initialize the random value for the pointer guard, which makes it
easier for context- dependent attackers to control execution flow by
leveraging a buffer-overflow vulnerability in an application and using
the known zero value pointer guard to calculate a pointer address
(CVE-2013-4788).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 ca2e58ecf7a2d62e523b1395175896b5  mes5/i586/glibc-2.8-1.20080520.5.10mnb2.i586.rpm
 917ad59055eaebd5e68e5c2e73bb1839  mes5/i586/glibc-devel-2.8-1.20080520.5.10mnb2.i586.rpm
 38faa00ce7b79dc37a7494b90c0b4f6c  mes5/i586/glibc-doc-2.8-1.20080520.5.10mnb2.i586.rpm
 8510201c6ee5f9b9ff4e5a62ea6082d8  mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.10mnb2.i586.rpm
 a2f9bfe66d75446bd5e963673cb99184  mes5/i586/glibc-i18ndata-2.8-1.20080520.5.10mnb2.i586.rpm
 b4513eff5fef362f619f6ae0ea35ce5f  mes5/i586/glibc-profile-2.8-1.20080520.5.10mnb2.i586.rpm
 a82b76207b1aca73c057c486a5e07636  mes5/i586/glibc-static-devel-2.8-1.20080520.5.10mnb2.i586.rpm
 df8b74ecfd447b107364e217da29f5d9  mes5/i586/glibc-utils-2.8-1.20080520.5.10mnb2.i586.rpm
 3e9ce8665a7e61176c3b11cd266172b0  mes5/i586/nscd-2.8-1.20080520.5.10mnb2.i586.rpm 
 8e2ebc125c5a6e7dcf17d4535f7f911c  mes5/SRPMS/glibc-2.8-1.20080520.5.10mnb2.src.rpm

MES5 x86_64

 7c1b3450ba04c65d1a911e44c1554b67  mes5/x86_64/glibc-2.8-1.20080520.5.10mnb2.x86_64.rpm
 f5fe7d527fc92c69118e8c492e88de4f  mes5/x86_64/glibc-devel-2.8-1.20080520.5.10mnb2.x86_64.rpm
 cc8afd4f3f5d54455d008d24412edc3d  mes5/x86_64/glibc-doc-2.8-1.20080520.5.10mnb2.x86_64.rpm
 0a946db4c66a3ae2985b983870d9b3fb  mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.10mnb2.x86_64.rpm
 35f418e46f2739e07666b2b80a968c55  mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.10mnb2.x86_64.rpm
 c750b3334f6bb43d62370fbf1fc30a74  mes5/x86_64/glibc-profile-2.8-1.20080520.5.10mnb2.x86_64.rpm
 c6795a180161f94eb06074fdf588a5ed  mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.10mnb2.x86_64.rpm
 01dd2eaae2dd444ed7b1e80411478a03  mes5/x86_64/glibc-utils-2.8-1.20080520.5.10mnb2.x86_64.rpm
 0e29e9d7d90d5a92b19b53cda9642d6c  mes5/x86_64/nscd-2.8-1.20080520.5.10mnb2.x86_64.rpm 
 8e2ebc125c5a6e7dcf17d4535f7f911c  mes5/SRPMS/glibc-2.8-1.20080520.5.10mnb2.src.rpm

References