Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

openSUSE 13.1 Important: glibc Update Fixes Three Issues

opensuse
Calendar Grey September 11, 2014
Dist Opensuse Esm H88
Important notice for openSUSE concerning three significant glibc security flaws, along with detailed patch application guidelines.
An update that fixes three vulnerabilities is now available.

Description

glibc was updated to fix three security issues:

- A directory traversal in locale environment handling was fixed

(CVE-2014-0475, bnc#887022, GLIBC BZ #17137)

- Disable gconv transliteration module loading which could be used for

code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)

- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,

bnc#894553, BZ #17325)

Topics%20covered

Topics Covered

security advisory code execution directory traversal important glibc issue openSUSE patch instructions

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-536

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-536

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.1 (i586 i686 x86_64):

glibc-2.18-4.21.1

glibc-debuginfo-2.18-4.21.1

glibc-debugsource-2.18-4.21.1

glibc-devel-2.18-4.21.1

glibc-devel-debuginfo-2.18-4.21.1

glibc-devel-static-2.18-4.21.1

glibc-extra-2.18-4.21.1

glibc-extra-debuginfo-2.18-4.21.1

glibc-locale-2.18-4.21.1

glibc-locale-debuginfo-2.18-4.21.1

glibc-profile-2.18-4.21.1

nscd-2.18-4.21.1

nscd-debuginfo-2.18-4.21.1

- openSUSE 13.1 (i586 x86_64):

glibc-utils-2.18-4.21.1

glibc-utils-debuginfo-2.18-4.21.1

glibc-utils-debugsource-2.18-4.21.1

- openSUSE 13.1 (i586 i686):

glibc-obsolete-2.18-4.21.1

glibc-obsolete-debuginfo-2.18-4.21.1

- openSUSE 13.1 (x86_64):

glibc-32bit-2.18-4.21.1

glibc-debuginfo-32bit-2.18-4.21.1

glibc-devel-32bit-2.18-4.21.1

glibc-devel-debuginfo-32bit-2.18-4.21.1

glibc-devel-static-32bit-2.18-4.21.1

glibc-locale-32bit-2.18-4.21.1

glibc-locale-debuginfo-32bit-2.18-4.21.1

glibc-profile-32bit-2.18-4.21.1

glibc-utils-32bit-2.18-4.21.1

glibc-utils-debuginfo-32bit-2.18-4.21.1

- openSUSE 13.1 (noarch):

glibc-html-2.18-4.21.1

glibc-i18ndat...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2014-0475.html

https://www.suse.com/security/cve/CVE-2014-5119.html

https://www.suse.com/security/cve/CVE-2014-6040.html

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2014:1115-1
Rating: important
Affected Products: openSUSE 13.1 openSUSE 12.3

Topics%20covered

Topics Covered

security advisory code execution directory traversal important glibc issue openSUSE patch instructions

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here