| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Nov 2013 18:50:00 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2013:283 ] glibc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:283 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : glibc Date : November 25, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated glibc packages fixes the following security issues: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow (CVE-2012-4412). Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function (CVE-2012-4424). pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system (CVE-2013-2207). NOTE! This is fixed by removing pt_chown wich may break chroots if their devpts was not mounted correctly (make sure to mount the devpts correctly with gid=5). sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image (CVE-2013-4237). Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions (CVE-2013-4332). A stack (frame) overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to CVE-2013-1914, this affects AF_INET6 rather than AF_UNSPEC (CVE-2013-4458). The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address (CVE-2013-4788). Other fixes in this update: - Correct the processing of '\x80' characters in crypt_freesec.c - fix typo in nscd.service _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788 http://advisories.mageia.org/MGASA-2013-0340.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 55e626f90fc3cf28ab6ec66ab762b12f mbs1/x86_64/glibc-2.14.1-12.2.mbs1.x86_64.rpm fece70755163abb58742056a4f4e3773 mbs1/x86_64/glibc-devel-2.14.1-12.2.mbs1.x86_64.rpm a84eb58b428b2413863c8b90af89ac25 mbs1/x86_64/glibc-doc-2.14.1-12.2.mbs1.noarch.rpm f1630ad8a642250f4d067b207cd86e91 mbs1/x86_64/glibc-doc-pdf-2.14.1-12.2.mbs1.noarch.rpm 80aae07c11abca7d1aef77c8c6bb85d2 mbs1/x86_64/glibc-i18ndata-2.14.1-12.2.mbs1.x86_64.rpm 681d1f18d54f927d1468d01431cdeee4 mbs1/x86_64/glibc-profile-2.14.1-12.2.mbs1.x86_64.rpm 73c26fe8c0598539cbd8600b6ae5426c mbs1/x86_64/glibc-static-devel-2.14.1-12.2.mbs1.x86_64.rpm 6c966f5e50d38d244ed23595035be72d mbs1/x86_64/glibc-utils-2.14.1-12.2.mbs1.x86_64.rpm d6b26cd43c42324daf59e75eabbc2db1 mbs1/x86_64/nscd-2.14.1-12.2.mbs1.x86_64.rpm 912e1f62eb8aeb0dd8745c83c1c97bb9 mbs1/SRPMS/glibc-2.14.1-12.2.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSk2OPmqjQ0CJFipgRAvzSAKClrxohP1OnDDzsK3svdKfJVt1GIACdF6BM 4x5viyElHwYu41tPVQmK/zg= =aggK -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists