Synopsis:          Moderate: glibc security, bug fix, and enhancement update
Advisory ID:       SLSA-2014:1391-2
Issue Date:        2014-10-14
CVE Numbers:       CVE-2013-4237
                   CVE-2013-4458
--

An out-of-bounds write flaw was found in the way the glibc's readdir_r()
function handled file system entries longer than the NAME_MAX character
constant. A remote attacker could provide a specially crafted NTFS or CIFS
file system that, when processed by an application using readdir_r(),
would cause that application to crash or, potentially, allow the attacker
to execute arbitrary code with the privileges of the user running the
application. (CVE-2013-4237)

It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-4458)
--

SL6
  x86_64
    glibc-2.12-1.149.el6.i686.rpm
    glibc-2.12-1.149.el6.x86_64.rpm
    glibc-common-2.12-1.149.el6.x86_64.rpm
    glibc-debuginfo-2.12-1.149.el6.i686.rpm
    glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
    glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
    glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
    glibc-devel-2.12-1.149.el6.i686.rpm
    glibc-devel-2.12-1.149.el6.x86_64.rpm
    glibc-headers-2.12-1.149.el6.x86_64.rpm
    glibc-utils-2.12-1.149.el6.x86_64.rpm
    nscd-2.12-1.149.el6.x86_64.rpm
    glibc-static-2.12-1.149.el6.i686.rpm
    glibc-static-2.12-1.149.el6.x86_64.rpm
  i386
    glibc-2.12-1.149.el6.i686.rpm
    glibc-common-2.12-1.149.el6.i686.rpm
    glibc-debuginfo-2.12-1.149.el6.i686.rpm
    glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
    glibc-devel-2.12-1.149.el6.i686.rpm
    glibc-headers-2.12-1.149.el6.i686.rpm
    glibc-utils-2.12-1.149.el6.i686.rpm
    nscd-2.12-1.149.el6.i686.rpm
    glibc-static-2.12-1.149.el6.i686.rpm

- Scientific Linux Development Team