
Mandriva Linux Security Advisory 2015-168

Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-168 - Updated glibc packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-3406, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473
SHA-256 | 0412f59ba60e6f3546c153206b4f490e8e4d6187358607bb442d3ffcaa511903

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:168
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : glibc
Date : March 30, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated glibc packages fix security vulnerabilities:

Stephane Chazelas discovered a directory traversal issue in locale
handling in glibc. glibc accepts relative paths with .. components
in the LC_* and LANG variables. Together with typical OpenSSH
configurations (with suitable AcceptEnv settings in sshd_config),
this could conceivably be used to bypass ForceCommand restrictions
(or restricted shells), assuming the attacker has sufficient level
of access to a file system location on the host to create crafted
locale definitions there (CVE-2014-0475).
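
A forced command or restricted-shell wrapper can refuse path-like locale values itself, independent of the glibc fix. The following is an added example, not code from Mandriva or glibc; the function names, the 255-byte limit and the sample environment are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

extern char **environ;

/* Returns 1 if `name` (length `len`) is LANG or an LC_* variable. */
static int is_locale_var(const char *name, size_t len)
{
    if (len == 4 && strncmp(name, "LANG", 4) == 0) return 1;
    return len > 3 && strncmp(name, "LC_", 3) == 0;
}

/* Returns 1 if a locale value cannot act as a path: no '/' and no "..".
 * Rejecting every '/' is stricter than the advisory's ".." case; the
 * 255-byte limit is an assumed policy for this example. */
int locale_value_is_safe(const char *value)
{
    if (strlen(value) > 255) return 0;
    if (strchr(value, '/') != NULL) return 0;
    if (strstr(value, "..") != NULL) return 0;
    return 1;
}

/* Scans a NAME=VALUE array and returns the number of unsafe locale entries. */
int count_unsafe_locale_vars(char *const envp[])
{
    int bad = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        const char *eq = strchr(envp[i], '=');
        if (eq == NULL) continue;
        if (is_locale_var(envp[i], (size_t)(eq - envp[i])) &&
            !locale_value_is_safe(eq + 1)) {
            fprintf(stderr, "rejecting %.*s\n", (int)(eq - envp[i]), envp[i]);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    /* Constructed sample environment, as a forced command might receive it. */
    char *sample[] = { "LANG=en_US.UTF-8", "LC_ALL=../../tmp/x",
                       "LC_TIME=/tmp/x", "PATH=/usr/bin", NULL };
    printf("unsafe entries in sample: %d\n", count_unsafe_locale_vars(sample));
    /* Exit non-zero if the real environment carries a path-like locale. */
    return count_unsafe_locale_vars(environ) ? 1 : 0;
}
```

Restricting AcceptEnv in sshd_config so that LANG and LC_* are not accepted from clients removes the input path entirely.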

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where
posix_spawn_file_actions_addopen fails to copy the path argument
(glibc bz #17048) which can, in conjunction with many common memory
management techniques from an application, lead to a use after free,
or other vulnerabilities (CVE-2014-4043).

This update also fixes the following issues:

x86: Disable x87 inline functions for SSE2 math (glibc bz #16510)
malloc: Fix race in free() of fastbin chunk (glibc bz #15073)

Tavis Ormandy discovered a heap-based buffer overflow in the
transliteration module loading code. As a result, an attacker who can
supply a crafted destination character set argument to iconv-related
character conversion functions could achieve arbitrary code
execution.

This update removes support of loadable gconv transliteration
modules. Besides the security vulnerability, the module loading code
had functionality defects which prevented it from working for the
intended purpose (CVE-2014-5119).

Adhemerval Zanella Netto discovered out-of-bounds reads in additional
code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
that can be used to crash the system, causing a denial of service
condition (CVE-2014-6040).

The function wordexp() fails to properly handle the WRDE_NOCMD
flag when processing arithmetic inputs in the form of "$((... ))"
where "..." can be anything valid. The backticks in the arithmetic
expression are evaluated in a shell even if WRDE_NOCMD forbade
command substitution. This allows an attacker to attempt to pass
dangerous commands via constructs of the above form, and bypass the
WRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817).
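
Callers that pass untrusted text to wordexp() can refuse command-substitution syntax before the call, so they do not depend on WRDE_NOCMD alone. The following is an added example, not code from Mandriva or glibc; EXPAND_REJECTED, the function names and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical error code for this example; negative so it cannot collide
 * with the positive WRDE_* values wordexp() returns. */
#define EXPAND_REJECTED (-1)

/* Returns 1 if `s` contains a backtick or "$(", the two spellings of command
 * substitution. "$((" starts with "$(", so arithmetic is rejected as well. */
int has_command_substitution(const char *s)
{
    return strchr(s, '`') != NULL || strstr(s, "$(") != NULL;
}

/* Expands `input` into `out` with command substitution forbidden twice:
 * by the pre-check above and by WRDE_NOCMD. Returns 0 on success, after
 * which the caller must wordfree(out). */
int expand_no_cmd(const char *input, wordexp_t *out)
{
    if (has_command_substitution(input))
        return EXPAND_REJECTED;
    int rc = wordexp(input, out, WRDE_NOCMD | WRDE_UNDEF);
    if (rc == WRDE_NOSPACE)
        wordfree(out);   /* partial results may have been allocated */
    return rc;
}

/* Number of words produced, or -1 if the input was refused or failed. */
int count_words(const char *input)
{
    wordexp_t we;
    if (expand_no_cmd(input, &we) != 0)
        return -1;
    int n = (int)we.we_wordc;
    wordfree(&we);
    return n;
}

int main(void)
{
    /* Constructed inputs: one plain, one in the arithmetic form described above. */
    const char *samples[] = { "report.txt 'two words'", "$((1 + `echo 1`))" };
    for (size_t i = 0; i < 2; i++)
        printf("%-28s -> %d\n", samples[i], count_words(samples[i]));
    return 0;
}
```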

The vfprintf function in stdio-common/vfprintf.c in GNU C Library
(aka glibc) 2.5, 2.12, and probably other versions does not properly
restrict the use of the alloca function when allocating the SPECS
array, which allows context-dependent attackers to bypass the
FORTIFY_SOURCE format-string protection mechanism and cause a denial
of service (crash) or possibly execute arbitrary code via a crafted
format string using positional parameters and a large number of format
specifiers (CVE-2012-3406).

The nss_dns implementation of getnetbyname could run into an infinite
loop if the DNS response contained a PTR record of an unexpected format
(CVE-2014-9402).

Also, glibc lock elision (a new feature in glibc 2.18) has been disabled
as it can break glibc at runtime on newer Intel hardware (due to a
hardware bug).

Under certain conditions wscanf can allocate too little memory
for the to-be-scanned arguments and overflow the allocated buffer
(CVE-2015-1472).

The incorrect use of "__libc_use_alloca (newsize)" caused a different
(and weaker) policy to be enforced which could allow a denial of
service attack (CVE-2015-1473).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1473
http://advisories.mageia.org/MGASA-2014-0314.html
http://advisories.mageia.org/MGASA-2014-0376.html
http://advisories.mageia.org/MGASA-2014-0496.html
http://advisories.mageia.org/MGASA-2015-0013.html
http://advisories.mageia.org/MGASA-2015-0072.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
4813a9b0e1c42bf56140e891d79e2353 mbs2/x86_64/glibc-2.18-10.1.mbs2.x86_64.rpm
00e7c5806f84e66faff537c7dbdd2d75 mbs2/x86_64/glibc-devel-2.18-10.1.mbs2.x86_64.rpm
befbdbd1e160b4e9228d9a2857ef470b mbs2/x86_64/glibc-doc-2.18-10.1.mbs2.noarch.rpm
aac9ed0c364fd778af009708eccaceab mbs2/x86_64/glibc-i18ndata-2.18-10.1.mbs2.x86_64.rpm
b6afecf4b2a18feb469935718e47c0e5 mbs2/x86_64/glibc-profile-2.18-10.1.mbs2.x86_64.rpm
b3744f2fb467493e0eac75895f6daf61 mbs2/x86_64/glibc-static-devel-2.18-10.1.mbs2.x86_64.rpm
1145e4c5b240eb61f096f7ec45767f69 mbs2/x86_64/glibc-utils-2.18-10.1.mbs2.x86_64.rpm
c09e1bc71aeaa471c72cea6828f054cf mbs2/x86_64/nscd-2.18-10.1.mbs2.x86_64.rpm
3d03bd7c7f066d36f97e5fee3db8c2b3 mbs2/SRPMS/glibc-2.18-10.1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGO6TmqjQ0CJFipgRApv6AKCttgtUwlS7NqmGCqL0ift/1utqmgCfdGsR
srQv9Hgp0MxVLn0efzx6+BU=
=VrqI
-----END PGP SIGNATURE-----