SCIENTIFIC-LINUX-ERRATA Archives

August 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: glibc on SL5.x, SL6.x i386/x86_64
From:
Bonnie King <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Fri, 29 Aug 2014 23:48:48 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (74 lines) 
Synopsis:          Important: glibc security update
Advisory ID:       SLSA-2014:1110-1
Issue Date:        2014-08-29
CVE Numbers:       CVE-2014-0475
                   CVE-2014-5119
--

An off-by-one heap-based buffer overflow flaw was found in glibc's
internal __gconv_translit_find() function. An attacker able to make an
application call the iconv_open() function with a specially crafted
argument could possibly use this flaw to execute arbitrary code with the
privileges of that application. (CVE-2014-5119)

A directory traveral flaw was found in the way glibc loaded locale files.
An attacker able to make an application use a specially crafted locale
name value (for example, specified in an LC_* environment variable) could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-0475)
--

SL5
  x86_64
    glibc-2.5-118.el5_10.3.i686.rpm
    glibc-2.5-118.el5_10.3.x86_64.rpm
    glibc-common-2.5-118.el5_10.3.x86_64.rpm
    glibc-debuginfo-2.5-118.el5_10.3.i386.rpm
    glibc-debuginfo-2.5-118.el5_10.3.i686.rpm
    glibc-debuginfo-2.5-118.el5_10.3.x86_64.rpm
    glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm
    glibc-devel-2.5-118.el5_10.3.i386.rpm
    glibc-devel-2.5-118.el5_10.3.x86_64.rpm
    glibc-headers-2.5-118.el5_10.3.x86_64.rpm
    glibc-utils-2.5-118.el5_10.3.x86_64.rpm
    nscd-2.5-118.el5_10.3.x86_64.rpm
  i386
    glibc-2.5-118.el5_10.3.i386.rpm
    glibc-2.5-118.el5_10.3.i686.rpm
    glibc-common-2.5-118.el5_10.3.i386.rpm
    glibc-debuginfo-2.5-118.el5_10.3.i386.rpm
    glibc-debuginfo-2.5-118.el5_10.3.i686.rpm
    glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm
    glibc-devel-2.5-118.el5_10.3.i386.rpm
    glibc-headers-2.5-118.el5_10.3.i386.rpm
    glibc-utils-2.5-118.el5_10.3.i386.rpm
    nscd-2.5-118.el5_10.3.i386.rpm
SL6
  x86_64
    glibc-2.12-1.132.el6_5.4.i686.rpm
    glibc-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-common-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm
    glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm
    glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-devel-2.12-1.132.el6_5.4.i686.rpm
    glibc-devel-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-headers-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-utils-2.12-1.132.el6_5.4.x86_64.rpm
    nscd-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-static-2.12-1.132.el6_5.4.i686.rpm
    glibc-static-2.12-1.132.el6_5.4.x86_64.rpm
  i386
    glibc-2.12-1.132.el6_5.4.i686.rpm
    glibc-common-2.12-1.132.el6_5.4.i686.rpm
    glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm
    glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm
    glibc-devel-2.12-1.132.el6_5.4.i686.rpm
    glibc-headers-2.12-1.132.el6_5.4.i686.rpm
    glibc-utils-2.12-1.132.el6_5.4.i686.rpm
    nscd-2.12-1.132.el6_5.4.i686.rpm
    glibc-static-2.12-1.132.el6_5.4.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2