Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2012-3480: [SECURITY] Fedora 17 Update: glibc-2.15-56.fc17

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified “related functions” in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

CVE
#linux#dos#apache#perl#buffer_overflow#auth#ssh#ibm

updates at fedoraproject.org updates at fedoraproject.org
Sat Aug 18 01:30:04 UTC 2012

  • Previous message: Fedora 16 Update: perl-Carp-Clan-6.04-5.fc16
  • Next message: Fedora 17 Update: gargi-fonts-1.9-7.fc17
  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-11927 2012-08-15 22:24:21


Name : glibc Product : Fedora 17 Version : 2.15 Release : 56.fc17 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.


Update Information:

  • Fix integer overflow leading to buffer overflow in strto* (#847718)

ChangeLog:

* Wed Aug 15 2012 Jeff Law <law at redhat.com> - 2.15.56

  • Fix integer overflow leading to buffer overflow in strto* (#847718) * Mon Aug 6 2012 Jeff Law <law at redhat.com> - 2.15.55
  • Pack IPv4 servers at the start of nsaddr_list and only track the number of IPV4 servers in EXT(statp->nscounti (#808147)
    • Mark set*uid, set*gid as __wur (warn unused result) (#845960) * Fri Aug 3 2012 Patsy Franklin <pfrankli at redhat.com> - 2.15.54
  • Remove two extraneous lines from previous patch for BZ841318 (#841318) * Thu Jul 26 2012 Jeff Law <law at redhat.com> - 2.15.53
  • Revert patch for BZ696143, it made it impossible to use IPV6 addresses explicitly in getaddrinfo, which in turn broke ssh, apache and other code. (#808147)
    • Avoid unbound alloca in vfprintf (#841318) * Wed Jul 25 2012 Jeff Law <law at redhat.com> - 2.15.52
  • Revert recent changes to res_send (804630, 835090).
    • Fix memcpy args in res_send (#841787). * Tue Jul 3 2012 Jeff Law <law at redhat.com> - 2.15.51
  • Fix FMA4 detection (#829011) * Thu Jun 28 2012 Jeff Law <law at redhat.com> - 2.15.50
  • Fix regression after patch for BZ804630 (#835090). * Wed Jun 20 2012 Jeff Law <law at redhat.com> - 2.15.49
  • Fix use-after-free in dcigettext.c (#816647). * Tue Jun 19 2012 Dennis Gilmore <dennis at ausil.us> - 2.15-48
  • remove armhfp linker changes needs more testing in rawhide before we consider backporting to f17 * Fri Jun 15 2012 Patsy Franklin <pfrankli at redhat.com> - 2.15.47
  • Delay setting DECIDED field in locale file structure until we have read the file’s data (#827510). * Mon Jun 11 2012 Dennis Gilmore <dennis at ausil.us> - 2.15-46
  • only deal with the arm linker compat hack on armhfp arches
  • armsfp arches do not have a linker change * Fri Jun 8 2012 Jeff Law <law at redhat.com> - 2.15.45
  • Backward compat hack for armhf binaries. * Thu Jun 7 2012 Patsy Franklin <patsy at redhat.com> - 2.15.44
  • Fix option rotate with single IPV6 server (#804630) * Thu Jun 7 2012 Patsy Franklin <patsy at redhat.com> - 2.15.43
  • Do not override TTL of CNAME with TTL of its alias. (#808014) * Tue Jun 5 2012 Patsy Franklin <patsy at redhat.com> - 2.15.42
  • Last edit accidently removed %patch2058. * Tue Jun 5 2012 Patsy Franklin <patsy at redhat.com> - 2.15.41
  • Fix DoS in RPC implementation (#767693) * Tue Jun 5 2012 Patsy Franklin <patsy at redhat.com> - 2.15.40
  • Fix iconv() segfault when the invalid multibyte character 0xffff is input when converting from IBM930 (#823905) * Fri Jun 1 2012 Jeff Law <law at redhat.com> - 2.15-39
  • Update arm specific configury. * Thu May 24 2012 Patsy Franklin <pfrankli at redhat.com> - 2.15-38
  • Fix fnmatch() when ‘*’ wildcard is applied on a file name containing multibyte chars. (#819430)

References:

[ 1 ] Bug #847715 - CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines https://bugzilla.redhat.com/show_bug.cgi?id=847715


This update can be installed with the “yum” update program. Use su -c ‘yum update glibc’ at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys


  • Previous message: Fedora 16 Update: perl-Carp-Clan-6.04-5.fc16
  • Next message: Fedora 17 Update: gargi-fonts-1.9-7.fc17
  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the package-announce mailing list

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907