Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: SLSA-2014:1391-2
Issue Date: 2014-10-14
CVE Numbers: CVE-2013-4237
CVE-2013-4458
—
An out-of-bounds write flaw was found in the way the glibc’s readdir_r()
function handled file system entries longer than the NAME_MAX character
constant. A remote attacker could provide a specially crafted NTFS or CIFS
file system that, when processed by an application using readdir_r(),
would cause that application to crash or, potentially, allow the attacker
to execute arbitrary code with the privileges of the user running the
application. (CVE-2013-4237)
It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-4458)
—
SL6
x86_64
glibc-2.12-1.149.el6.i686.rpm
glibc-2.12-1.149.el6.x86_64.rpm
glibc-common-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.x86_64.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.x86_64.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.x86_64.rpm
glibc-headers-2.12-1.149.el6.x86_64.rpm
glibc-utils-2.12-1.149.el6.x86_64.rpm
nscd-2.12-1.149.el6.x86_64.rpm
glibc-static-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.x86_64.rpm
i386
glibc-2.12-1.149.el6.i686.rpm
glibc-common-2.12-1.149.el6.i686.rpm
glibc-debuginfo-2.12-1.149.el6.i686.rpm
glibc-debuginfo-common-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-headers-2.12-1.149.el6.i686.rpm
glibc-utils-2.12-1.149.el6.i686.rpm
nscd-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.i686.rpm
– Scientific Linux Development Team
