Gentoo Linux Security Advisory 201503-04

Gentoo Linux Security Advisory 201503-04: Posted Mar 9, 2015; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.; tags | advisory, denial of service, arbitrary, local, vulnerability; systems | linux, gentoo; advisories | CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2012-6656, CVE-2013-0242, CVE-2013-1914, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788, CVE-2014-4043, CVE-2015-0235; SHA-256 | 3be887081cfadc048cd5dd2fed5fc98110f1b24cf929e8adeeecd9c308657613; Download | Favorite | View

Gentoo Linux Security Advisory 201503-04

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201503-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: GNU C Library: Multiple vulnerabilities
     Date: March 08, 2015
     Bugs: #431218, #434408, #454862, #464634, #477330, #480734,
           #484646, #488084, #489234, #501196, #513090, #521930, #537990
       ID: 201503-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in GNU C Library,  the worst
of which allowing a local attacker to execute arbitrary code or cause a
Denial of Service .

Background
==========

The GNU C library is the standard C library used by Gentoo Linux
systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-libs/glibc              < 2.19-r1                 >= 2.19-r1

Description
===========

Multiple vulnerabilities have been discovered in the GNU C Library.
Please review the CVE identifiers referenced below for details.

Impact
======

A local attacker may be able to execute arbitrary code or cause a
Denial of Service condition,.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All glibc users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.19-r1"

References
==========

[  1 ] CVE-2012-3404
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3404
[  2 ] CVE-2012-3405
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3405
[  3 ] CVE-2012-3406
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3406
[  4 ] CVE-2012-3480
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3480
[  5 ] CVE-2012-4412
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4412
[  6 ] CVE-2012-4424
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4424
[  7 ] CVE-2012-6656
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6656
[  8 ] CVE-2013-0242
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0242
[  9 ] CVE-2013-1914
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1914
[ 10 ] CVE-2013-2207
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2207
[ 11 ] CVE-2013-4237
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4237
[ 12 ] CVE-2013-4332
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4332
[ 13 ] CVE-2013-4458
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4458
[ 14 ] CVE-2013-4788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4788
[ 15 ] CVE-2014-4043
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4043
[ 16 ] CVE-2015-0235
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0235

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201503-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJU/F8cAAoJEP7VAChXwav62RgH/1FtHi2+w/NErH234ILiK7qK
9r+W5AiRbZSBKjnbxPov/h+oxi2Ez5UAdKs/4vxHA66ISIka94VKUaSrMs15zzvc
re8PnP0RwOVExQdF3GnO8KvuUm8trGBF1F2Hp1vqqFIk/8V1Pe5Ef45zCVOz8UjX
9XCSoDO/HiBM/40808siliMMJg6FxacV3vTs8XJ/O1YmBMAdzZLUmXA8Ic2X1rSO
Zli6p30F5mAtEzpOBiXlSCsUj+o8z6ng3oqDZCbg6B6nt/0xC4EId7Apg3k8M+TG
z0lN0u8rQX7rj2y0mBqErJnCx0Owy/68beP8yd3xwxwrNNbkpNDf+SDm8blhBUE=
=K71r
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Gentoo Linux Security Advisory 201503-04

Gentoo Linux Security Advisory 201503-04

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 201503-04

Share This

Gentoo Linux Security Advisory 201503-04

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems