
[SECURITY] [DLA 165-1] eglibc security update



Package        : eglibc
Version        : 2.11.3-4+deb6u5
CVE ID         : CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 CVE-2012-4412
                 CVE-2012-4424 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237
                 CVE-2013-4332 CVE-2013-4357 CVE-2013-4458 CVE-2013-4788
                 CVE-2013-7423 CVE-2013-7424 CVE-2014-4043 CVE-2015-1472
                 CVE-2015-1473
Debian Bug     : 553206 681473 681888 684889 687530 689423 699399 704623
                 717178 719558 722536 751774 765506 765526 765562

Several vulnerabilities have been fixed in eglibc, Debian's version of
the GNU C library.

#553206
CVE-2015-1472
CVE-2015-1473

    The scanf family of functions do not properly limit stack
    allocation, which allows context-dependent attackers to cause a
    denial of service (crash) or possibly execute arbitrary code.

CVE-2012-3405

    The printf family of functions do not properly calculate a buffer
    length, which allows context-dependent attackers to bypass the
    FORTIFY_SOURCE format-string protection mechanism and cause a
    denial of service.

CVE-2012-3406

    The printf family of functions do not properly limit stack
    allocation, which allows context-dependent attackers to bypass the
    FORTIFY_SOURCE format-string protection mechanism and cause a
    denial of service (crash) or possibly execute arbitrary code via a
    crafted format string.

CVE-2012-3480

    Multiple integer overflows in the strtod, strtof, strtold,
    strtod_l, and other related functions allow local users to cause a
    denial of service (application crash) and possibly execute
    arbitrary code via a long string, which triggers a stack-based
    buffer overflow.

CVE-2012-4412

    Integer overflow in the strcoll and wcscoll functions allows
    context-dependent attackers to cause a denial of service (crash)
    or possibly execute arbitrary code via a long string, which
    triggers a heap-based buffer overflow.

CVE-2012-4424

    Stack-based buffer overflow in the strcoll and wcscoll functions
    allows context-dependent attackers to cause a denial of service
    (crash) or possibly execute arbitrary code via a long string that
    triggers a malloc failure and use of the alloca function.

CVE-2013-0242

    Buffer overflow in the extend_buffers function in the regular
    expression matcher allows context-dependent attackers to cause a
    denial of service (memory corruption and crash) via crafted
    multibyte characters.

CVE-2013-1914
CVE-2013-4458

    Stack-based buffer overflow in the getaddrinfo function allows
    remote attackers to cause a denial of service (crash) via a
    hostname or IP address that triggers a large number of domain
    conversion results.

CVE-2013-4237

    readdir_r allows context-dependent attackers to cause a denial of
    service (out-of-bounds write and crash) or possibly execute
    arbitrary code via a malicious NTFS image or CIFS service.

CVE-2013-4332

    Multiple integer overflows in malloc/malloc.c allow
    context-dependent attackers to cause a denial of service (heap
    corruption) via a large value to the pvalloc, valloc,
    posix_memalign, memalign, or aligned_alloc functions.

CVE-2013-4357

    The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
    getservbyname_r, getservbyport, getservbyport_r, and glob
    functions do not properly limit stack allocation, which allows
    context-dependent attackers to cause a denial of service (crash)
    or possibly execute arbitrary code.

CVE-2013-4788

    When the GNU C library is statically linked into an executable,
    the PTR_MANGLE implementation does not initialize the random value
    for the pointer guard, so that various hardening mechanisms are not
    effective.

CVE-2013-7423

    The send_dg function in resolv/res_send.c does not properly reuse
    file descriptors, which allows remote attackers to send DNS
    queries to unintended locations via a large number of requests that
    trigger a call to the getaddrinfo function.

CVE-2013-7424

    The getaddrinfo function may attempt to free an invalid pointer
    when handling IDNs (Internationalised Domain Names), which allows
    remote attackers to cause a denial of service (crash) or possibly
    execute arbitrary code.

CVE-2014-4043

    The posix_spawn_file_actions_addopen function does not copy its
    path argument in accordance with the POSIX specification, which
    allows context-dependent attackers to trigger use-after-free
    vulnerabilities.

For the oldstable distribution (squeeze), these problems have been fixed
in version 2.11.3-4+deb6u5.

For the stable distribution (wheezy), these problems were fixed in
version 2.13-38+deb7u8 or earlier.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
