Red Hat Security Advisory 2012-0397-01

Red Hat Security Advisory 2012-0397-01: Posted Mar 19, 2012; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.; tags | advisory, overflow, arbitrary; systems | linux, redhat; advisories | CVE-2012-0864; SHA-256 | 0036797987fe157b69b95604a2713b21fc1006dc352d46cb79b8d8274bba60f4; Download | Favorite | View

Red Hat Security Advisory 2012-0397-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: glibc security update
Advisory ID:       RHSA-2012:0397-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0397.html
Issue date:        2012-03-19
CVE Names:         CVE-2012-0864 
=====================================================================

1. Summary:

Updated glibc packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function correctly.

An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass FORTIFY_SOURCE
protections and execute arbitrary code using a format string flaw in an
application, even though these protections are expected to limit the impact
of such flaws to an application abort. (CVE-2012-0864)

All users of glibc are advised to upgrade to these updated packages, which
contain a patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

794766 - CVE-2012-0864 glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/glibc-2.5-81.el5_8.1.src.rpm

i386:
glibc-2.5-81.el5_8.1.i386.rpm
glibc-2.5-81.el5_8.1.i686.rpm
glibc-common-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.i386.rpm
glibc-headers-2.5-81.el5_8.1.i386.rpm
glibc-utils-2.5-81.el5_8.1.i386.rpm
nscd-2.5-81.el5_8.1.i386.rpm

x86_64:
glibc-2.5-81.el5_8.1.i686.rpm
glibc-2.5-81.el5_8.1.x86_64.rpm
glibc-common-2.5-81.el5_8.1.x86_64.rpm
glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-2.5-81.el5_8.1.x86_64.rpm
glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.x86_64.rpm
glibc-headers-2.5-81.el5_8.1.x86_64.rpm
glibc-utils-2.5-81.el5_8.1.x86_64.rpm
nscd-2.5-81.el5_8.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/glibc-2.5-81.el5_8.1.src.rpm

i386:
glibc-2.5-81.el5_8.1.i386.rpm
glibc-2.5-81.el5_8.1.i686.rpm
glibc-common-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.i386.rpm
glibc-headers-2.5-81.el5_8.1.i386.rpm
glibc-utils-2.5-81.el5_8.1.i386.rpm
nscd-2.5-81.el5_8.1.i386.rpm

ia64:
glibc-2.5-81.el5_8.1.i686.rpm
glibc-2.5-81.el5_8.1.ia64.rpm
glibc-common-2.5-81.el5_8.1.ia64.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-2.5-81.el5_8.1.ia64.rpm
glibc-devel-2.5-81.el5_8.1.ia64.rpm
glibc-headers-2.5-81.el5_8.1.ia64.rpm
glibc-utils-2.5-81.el5_8.1.ia64.rpm
nscd-2.5-81.el5_8.1.ia64.rpm

ppc:
glibc-2.5-81.el5_8.1.ppc.rpm
glibc-2.5-81.el5_8.1.ppc64.rpm
glibc-common-2.5-81.el5_8.1.ppc.rpm
glibc-debuginfo-2.5-81.el5_8.1.ppc.rpm
glibc-debuginfo-2.5-81.el5_8.1.ppc64.rpm
glibc-devel-2.5-81.el5_8.1.ppc.rpm
glibc-devel-2.5-81.el5_8.1.ppc64.rpm
glibc-headers-2.5-81.el5_8.1.ppc.rpm
glibc-utils-2.5-81.el5_8.1.ppc.rpm
nscd-2.5-81.el5_8.1.ppc.rpm

s390x:
glibc-2.5-81.el5_8.1.s390.rpm
glibc-2.5-81.el5_8.1.s390x.rpm
glibc-common-2.5-81.el5_8.1.s390x.rpm
glibc-debuginfo-2.5-81.el5_8.1.s390.rpm
glibc-debuginfo-2.5-81.el5_8.1.s390x.rpm
glibc-devel-2.5-81.el5_8.1.s390.rpm
glibc-devel-2.5-81.el5_8.1.s390x.rpm
glibc-headers-2.5-81.el5_8.1.s390x.rpm
glibc-utils-2.5-81.el5_8.1.s390x.rpm
nscd-2.5-81.el5_8.1.s390x.rpm

x86_64:
glibc-2.5-81.el5_8.1.i686.rpm
glibc-2.5-81.el5_8.1.x86_64.rpm
glibc-common-2.5-81.el5_8.1.x86_64.rpm
glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-2.5-81.el5_8.1.x86_64.rpm
glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.x86_64.rpm
glibc-headers-2.5-81.el5_8.1.x86_64.rpm
glibc-utils-2.5-81.el5_8.1.x86_64.rpm
nscd-2.5-81.el5_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0864.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPZ63QXlSAg2UNWIIRAgIoAKDCfqaaA+1eP/vua+72RT4U4KvSFgCffiPk
rPa1rro4gGcJH8prF+aUUCw=
=eMZq
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 275 files
indoushka 177 files
Jay Turla 150 files
Ubuntu 77 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,327)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,893)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,867)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

Red Hat Security Advisory 2012-0397-01

Red Hat Security Advisory 2012-0397-01

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2012-0397-01

Share This

Red Hat Security Advisory 2012-0397-01

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems