Scientific Linux: SLSA-2015:0090-1 Critical: glibc Buffer Overflow Issue

Date: Tue, 27 Jan 2015 08:59:04 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
alsa-utils-1.0.22-9.el6_6.i686.rpm
dhclient-4.1.1-43.P1.el6_6.1.i686.rpm
dhcp-4.1.1-43.P1.el6_6.1.i686.rpm
dhcp-common-4.1.1-43.P1.el6_6.1.i686.rpm
dhcp-devel-4.1.1-43.P1.el6_6.1.i686.rpm
kdebase-workspace-4.3.4-29.el6_6.i686.rpm
kdebase-workspace-akonadi-4.3.4-29.el6_6.i686.rpm
kdebase-workspace-devel-4.3.4-29.el6_6.i686.rpm
kdebase-workspace-libs-4.3.4-29.el6_6.i686.rpm
kdebase-workspace-python-applet-4.3.4-29.el6_6.i686.rpm
kdebase-workspace-wallpapers-4.3.4-29.el6_6.noarch.rpm
kdm-4.3.4-29.el6_6.i686.rpm
ksysguardd-4.3.4-29.el6_6.i686.rpm
oxygen-cursor-themes-4.3.4-29.el6_6.noarch.rpm

x86_64:
alsa-utils-1.0.22-9.el6_6.x86_64.rpm
dhclient-4.1.1-43.P1.el6_6.1.x86_64.rpm
dhcp-4.1.1-43.P1.el6_6.1.x86_64.rpm
dhcp-common-4.1.1-43.P1.el6_6.1.x86_64.rpm
dhcp-devel-4.1.1-43.P1.el6_6.1.i686.rpm
dhcp-devel-4.1.1-43.P1.el6_6.1.x86_64.rpm
kdebase-workspace-4.3.4-29.el6_6.x86_64.rpm
kdebase-workspace-akonadi-4.3.4-29.el6_6.x86_64.rpm
kdebase-workspace-devel-4.3.4-29.el6_6.i686.rpm
kdebase-workspace-devel-4.3.4-29.el6_6.x86_64.rpm
kdebase-workspace-libs-4.3.4-29.el6_6.i686.rpm
kdebase-workspace-libs-4.3.4-29.el6_6.x86_64.rpm
kdebase-workspace-python-applet-4.3.4-29.el6_6.x86_64.rpm
kdebase-workspace-wallpapers-4.3.4-29.el6_6.noarch.rpm
kdm-4.3.4-29.el6_6.x86_64.rpm
ksysguardd-4.3.4-29.el6_6.x86_64.rpm
oxygen-cursor-themes-4.3.4-29.el6_6.noarch.rpm
Date: Tue, 27 Jan 2015 09:29:17 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

x86_64:
augeas-1.1.0-12.el7_0.1.x86_64.rpm
augeas-devel-1.1.0-12.el7_0.1.i686.rpm
augeas-devel-1.1.0-12.el7_0.1.x86_64.rpm
augeas-libs-1.1.0-12.el7_0.1.i686.rpm
augeas-libs-1.1.0-12.el7_0.1.x86_64.rpm
pcs-0.9.115-32.el7_0.1.x86_64.rpm
Date: Tue, 27 Jan 2015 18:56:40 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Critical: glibc on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Critical: glibc security update
Advisory ID: SLSA-2015:0090-1
Issue Date: 2015-01-27
CVE Numbers: CVE-2015-0235
--

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions could
use this flaw to execute arbitrary code with the permissions of the user
running the application. (CVE-2015-0235)
--

SL5
 x86_64
 glibc-2.5-123.el5_11.1.i686.rpm
 glibc-2.5-123.el5_11.1.x86_64.rpm
 glibc-common-2.5-123.el5_11.1.x86_64.rpm
 glibc-debuginfo-2.5-123.el5_11.1.i386.rpm
 glibc-debuginfo-2.5-123.el5_11.1.i686.rpm
 glibc-debuginfo-2.5-123.el5_11.1.x86_64.rpm
 glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm
 glibc-devel-2.5-123.el5_11.1.i386.rpm
 glibc-devel-2.5-123.el5_11.1.x86_64.rpm
 glibc-headers-2.5-123.el5_11.1.x86_64.rpm
 glibc-utils-2.5-123.el5_11.1.x86_64.rpm
 nscd-2.5-123.el5_11.1.x86_64.rpm
 i386
 glibc-2.5-123.el5_11.1.i386.rpm
 glibc-2.5-123.el5_11.1.i686.rpm
 glibc-common-2.5-123.el5_11.1.i386.rpm
 glibc-debuginfo-2.5-123.el5_11.1.i386.rpm
 glibc-debuginfo-2.5-123.el5_11.1.i686.rpm
 glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm
 glibc-devel-2.5-123.el5_11.1.i386.rpm
 glibc-headers-2.5-123.el5_11.1.i386.rpm
 glibc-utils-2.5-123.el5_11.1.i386.rpm
 nscd-2.5-123.el5_11.1.i386.rpm

- Scientific Linux Development Team