Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Gentoo: GLSA-201503-04 Normal: GNU C Library Code Risks Denial of Service

gentoo
Calendar Grey March 8, 2015
Dist Gentoo Esm H88
The GNU C Library (glibc) is crucial for Unix-like OS and has vulnerabilities enabling local code execution or denial-of-service attacks in Gentoo
Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service

Summary

Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory denial of service gentoo code execution vulnerability glibc normal severity

Resolution

All glibc users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.19-r1"

References

[ 1 ] CVE-2012-3404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3404 [ 2 ] CVE-2012-3405 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3405 [ 3 ] CVE-2012-3406 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3406 [ 4 ] CVE-2012-3480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3480 [ 5 ] CVE-2012-4412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4412 [ 6 ] CVE-2012-4424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4424 [ 7 ] CVE-2012-6656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6656 [ 8 ] CVE-2013-0242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0242 [ 9 ] CVE-2013-1914 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1914 [ 10 ] CVE-2013-2207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2207 [ 11 ] CVE-2013-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4237 [ 12 ] CVE-2013-4332 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4332 [ 13 ] CVE-2013-4458 http://nvd.nist.gov/nvd.cfm?cvena...

Read the Full Advisory

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201503-04
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: GNU C Library: Multiple vulnerabilities
Date: March 08, 2015
Bugs: #431218, #434408, #454862, #464634, #477330, #480734,
ID: 201503-04

Topics%20covered

Topics Covered

security advisory denial of service gentoo code execution vulnerability glibc normal severity

Synopsis

Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service .

Background

The GNU C library is the standard C library used by Gentoo Linux systems.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-libs/glibc < 2.19-r1 >= 2.19-r1

Impact

===== A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,.

Workaround

There is no known workaround at this time.

Related News

Your message here