Synopsis:          Important: glibc security update
Advisory ID:       SLSA-2014:1110-1
Issue Date:        2014-08-29
CVE Numbers:       CVE-2014-0475
                   CVE-2014-5119
--

An off-by-one heap-based buffer overflow flaw was found in glibc's
internal __gconv_translit_find() function. An attacker able to make an
application call the iconv_open() function with a specially crafted
argument could possibly use this flaw to execute arbitrary code with the
privileges of that application. (CVE-2014-5119)

A directory traveral flaw was found in the way glibc loaded locale files.
An attacker able to make an application use a specially crafted locale
name value (for example, specified in an LC_* environment variable) could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-0475)
--

SL5
  x86_64
    glibc-2.5-118.el5_10.3.i686.rpm
    glibc-2.5-118.el5_10.3.x86_64.rpm
    glibc-common-2.5-118.el5_10.3.x86_64.rpm
    glibc-debuginfo-2.5-118.el5_10.3.i386.rpm
    glibc-debuginfo-2.5-118.el5_10.3.i686.rpm
    glibc-debuginfo-2.5-118.el5_10.3.x86_64.rpm
    glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm
    glibc-devel-2.5-118.el5_10.3.i386.rpm
    glibc-devel-2.5-118.el5_10.3.x86_64.rpm
    glibc-headers-2.5-118.el5_10.3.x86_64.rpm
    glibc-utils-2.5-118.el5_10.3.x86_64.rpm
    nscd-2.5-118.el5_10.3.x86_64.rpm
  i386
    glibc-2.5-118.el5_10.3.i386.rpm
    glibc-2.5-118.el5_10.3.i686.rpm
    glibc-common-2.5-118.el5_10.3.i386.rpm
    glibc-debuginfo-2.5-118.el5_10.3.i386.rpm
    glibc-debuginfo-2.5-118.el5_10.3.i686.rpm
    glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm
    glibc-devel-2.5-118.el5_10.3.i386.rpm
    glibc-headers-2.5-118.el5_10.3.i386.rpm
    glibc-utils-2.5-118.el5_10.3.i386.rpm
    nscd-2.5-118.el5_10.3.i386.rpm
SL6
  x86_64
    glibc-2.12-1.132.el6_5.4.i686.rpm
    glibc-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-common-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm
    glibc-debuginfo-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm
    glibc-debuginfo-common-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-devel-2.12-1.132.el6_5.4.i686.rpm
    glibc-devel-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-headers-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-utils-2.12-1.132.el6_5.4.x86_64.rpm
    nscd-2.12-1.132.el6_5.4.x86_64.rpm
    glibc-static-2.12-1.132.el6_5.4.i686.rpm
    glibc-static-2.12-1.132.el6_5.4.x86_64.rpm
  i386
    glibc-2.12-1.132.el6_5.4.i686.rpm
    glibc-common-2.12-1.132.el6_5.4.i686.rpm
    glibc-debuginfo-2.12-1.132.el6_5.4.i686.rpm
    glibc-debuginfo-common-2.12-1.132.el6_5.4.i686.rpm
    glibc-devel-2.12-1.132.el6_5.4.i686.rpm
    glibc-headers-2.12-1.132.el6_5.4.i686.rpm
    glibc-utils-2.12-1.132.el6_5.4.i686.rpm
    nscd-2.12-1.132.el6_5.4.i686.rpm
    glibc-static-2.12-1.132.el6_5.4.i686.rpm

- Scientific Linux Development Team