Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Scientific Linux: SLSA-2014:1391-2 Moderate: glibc Out-Of-Bounds Issue

Calendar Nov 03, 2014 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory bug fix moderate severity glibc out-of-bounds stack memory Scientific Linux
Moderate: glibc security, bug fix, and enhancement update 
Date: Mon, 3 Nov 2014 17:54:45 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: glibc on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: SLSA-2014:1391-2
Issue Date: 2014-10-14
CVE Numbers: CVE-2013-4237
 CVE-2013-4458
--

An out-of-bounds write flaw was found in the way the glibc's readdir_r()
function handled file system entries longer than the NAME_MAX character
constant. A remote attacker could provide a specially crafted NTFS or CIFS
file system that, when processed by an application using readdir_r(),
would cause that application to crash or, potentially, allow the attacker
to execute arbitrary code with the privileges of the user running the
application. (CVE-2013-4237)

It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-4458)
--

SL6
 x86_64
 glibc-2.12-1.149.el6.i686.rpm
 glibc-2.12-1.149.el6.x86_64.rpm
 glibc-common-2.12-1.149.el6.x86_64.rpm
 glibc-debuginfo-2.12-1.149.el6.i686.rpm
 glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
 glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
 glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
 glibc-devel-2.12-1.149.el6.i686.rpm
 glibc-devel-2.12-1.149.el6.x86_64.rpm
 glibc-headers-2.12-1.149.el6.x86_64.rpm
 glibc-utils-2.12-1.149.el6.x86_64.rpm
 nscd-2.12-1.149.el6.x86_64.rpm
 glibc-static-2.12-1.149.el6.i686.rpm
 glibc-static-2.12-1.149.el6.x86_64.rpm
 i386
 glibc-2.12-1.149.el6.i686.rpm
 glibc-common-2.12-1.149.el6.i686.rpm
 glibc-debuginfo-2.12-1.149.el6.i686.rpm
 glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
 glibc-devel-2.12-1.149.el6.i686.rpm
 glibc-headers-2.12-1.149.el6.i686.rpm
 glibc-utils-2.12-1.149.el6.i686.rpm
 nscd-2.12-1.149.el6.i686.rpm
 glibc-static-2.12-1.149.el6.i686.rpm

- Scientific Linux Development Team
Your message here