
[SECURITY] [DLA 97-1] eglibc security update




Package        : eglibc
Version        : 2.11.3-4+deb6u2
CVE ID         : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817

CVE-2012-6656

    Fix validation check when converting from ibm930 to utf.
    When converting IBM930 code with iconv(), if IBM930 code which
    includes invalid multibyte character "0xffff" is specified, then
    iconv() segfaults.

CVE-2014-6040

    Crashes on invalid input in IBM gconv modules [BZ #17325]
    These changes are based on the fix for BZ #14134 in commit
    6e230d11837f3ae7b375ea69d7905f0d18eb79e5.

CVE-2014-7817

    The function wordexp() fails to properly handle the WRDE_NOCMD
    flag when processing arithmetic inputs in the form of "$((... ``))"
    where "..." can be anything valid. The backticks in the arithmetic
    expression are evaluated in a shell even if WRDE_NOCMD forbade
    command substitution. This allows an attacker to attempt to pass
    dangerous commands via constructs of the above form, and bypass
    the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
    in exec_comm(), the only place that can execute a shell. All other
    checks for WRDE_NOCMD are superfluous and removed.
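A regression check for the WRDE_NOCMD behaviour described above, added here as an example (it is not part of the advisory or of eglibc): it confirms that a patched libc answers WRDE_CMDSUB for both plain backticks and backticks nested inside $(( )), while ordinary arithmetic still expands. The helper names and the sample inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wordexp.h>

/* Expand `input` with WRDE_NOCMD set and return wordexp()'s status code.
 * On success the single expanded word is copied into `out` (if non-NULL). */
int expand_nocmd(const char *input, char *out, size_t outlen)
{
    wordexp_t we;
    memset(&we, 0, sizeof we);
    int rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc == 0) {
        if (out != NULL && outlen > 0)
            snprintf(out, outlen, "%s", we.we_wordc == 1 ? we.we_wordv[0] : "");
        wordfree(&we);
    }
    return rc;
}

/* 1 if the libc refuses `input` with WRDE_CMDSUB, as a fixed wordexp() must
 * for any command substitution when WRDE_NOCMD is set; 0 otherwise. */
int nocmd_rejects(const char *input)
{
    return expand_nocmd(input, NULL, 0) == WRDE_CMDSUB;
}

/* 1 if `input` is accepted under WRDE_NOCMD and expands to `expected`. */
int expands_to(const char *input, const char *expected)
{
    char buf[128];
    return expand_nocmd(input, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed inputs: plain arithmetic must still work; the two
     * command-substitution forms (plain backticks, and backticks hidden
     * inside $(( ))) must both be refused. The inert `true` keeps the
     * probe harmless even on an unpatched libc. */
    const char *cases[] = { "$((6*7))", "`true`", "$((1 + `true`))" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-18s -> %s\n", cases[i],
               nocmd_rejects(cases[i]) ? "WRDE_CMDSUB (refused)" : "accepted");
    printf("$((6*7)) expands to 42: %s\n", expands_to("$((6*7))", "42") ? "yes" : "no");
    return 0;
}
```

On the patched eglibc the two backtick cases print "WRDE_CMDSUB (refused)" and the arithmetic case is accepted with the value 42.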
