SCIENTIFIC-LINUX-ERRATA Archives

April 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Thu, 25 Apr 2013 14:05:45 +0000

Synopsis:          Low: glibc security and bug fix update
Advisory ID:       SLSA-2013:0769-1
Issue Date:        2013-04-24
CVE Numbers:       CVE-2013-0242
                   CVE-2013-1914
--

It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-1914)

A flaw was found in the regular expression matching routines that process
multibyte character input. If an application utilized the glibc regular
expression matching mechanism, an attacker could provide specially-crafted
input that, when processed, would cause the application to crash.
(CVE-2013-0242)

This update also fixes the following bugs:

* The improvements made in a previous update to the accuracy of floating point
functions in the math library caused performance regressions for those
functions. The performance regressions were analyzed and a fix was applied
that retains the current accuracy but reduces the performance penalty to
acceptable levels.

* It was possible that a memory location freed by the localization code
could be accessed immediately after, resulting in a crash. The fix ensures
that the application does not crash by avoiding the invalid memory access.
--

SL5
  x86_64
    glibc-2.5-107.el5_9.4.i686.rpm
    glibc-2.5-107.el5_9.4.x86_64.rpm
    glibc-common-2.5-107.el5_9.4.x86_64.rpm
    glibc-debuginfo-2.5-107.el5_9.4.i386.rpm
    glibc-debuginfo-2.5-107.el5_9.4.i686.rpm
    glibc-debuginfo-2.5-107.el5_9.4.x86_64.rpm
    glibc-debuginfo-common-2.5-107.el5_9.4.i386.rpm
    glibc-devel-2.5-107.el5_9.4.i386.rpm
    glibc-devel-2.5-107.el5_9.4.x86_64.rpm
    glibc-headers-2.5-107.el5_9.4.x86_64.rpm
    glibc-utils-2.5-107.el5_9.4.x86_64.rpm
    nscd-2.5-107.el5_9.4.x86_64.rpm
  i386
    glibc-2.5-107.el5_9.4.i386.rpm
    glibc-2.5-107.el5_9.4.i686.rpm
    glibc-common-2.5-107.el5_9.4.i386.rpm
    glibc-debuginfo-2.5-107.el5_9.4.i386.rpm
    glibc-debuginfo-2.5-107.el5_9.4.i686.rpm
    glibc-debuginfo-common-2.5-107.el5_9.4.i386.rpm
    glibc-devel-2.5-107.el5_9.4.i386.rpm
    glibc-headers-2.5-107.el5_9.4.i386.rpm
    glibc-utils-2.5-107.el5_9.4.i386.rpm
    nscd-2.5-107.el5_9.4.i386.rpm

- Scientific Linux Development Team
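
To check SL5 hosts against the fixed build listed above, this added example (not part of the advisory or of any Scientific Linux tooling) flags advisory packages older than 2.5-107.el5_9.4. It assumes input lines produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'`, uses a simplified form of RPM's version comparison (no epoch or tilde handling), and runs over constructed sample lines.

```python
import re

# Fixed version and release, taken from the package list in this advisory.
FIXED_VERSION, FIXED_RELEASE = "2.5", "107.el5_9.4"
# Package names shipped by this advisory.
PACKAGES = {"glibc", "glibc-common", "glibc-debuginfo", "glibc-debuginfo-common",
            "glibc-devel", "glibc-headers", "glibc-utils", "nscd"}

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No epoch or tilde handling."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # 10 > 4, unlike a plain string compare
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def audit(lines):
    """Return (name, arch, version-release) for advisory packages below the fix."""
    stale = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[0] not in PACKAGES:
            continue
        name, version, release, arch = parts
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append((name, arch, f"{version}-{release}"))
    return stale

# Constructed sample input, not taken from a real host.
SAMPLE = """\
glibc 2.5 107.el5_9.1 x86_64
glibc 2.5 107.el5_9.4 i686
glibc-common 2.5 107.el5_9.10 x86_64
nscd 2.5 81.el5_8.7 x86_64
bash 3.2 32.el5_9.1 x86_64
""".splitlines()

if __name__ == "__main__":
    for name, arch, vr in audit(SAMPLE):
        print(f"needs update: {name}.{arch} {vr} < {FIXED_VERSION}-{FIXED_RELEASE}")
```

The i686 and x86_64 builds of glibc are checked separately because, as the package list shows, both are installed on x86_64 systems.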
