Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.
7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4
Mandriva Linux Security Advisory 2015-168 - Updated glibc packages fix multiple security vulnerabilities.
0412f59ba60e6f3546c153206b4f490e8e4d6187358607bb442d3ffcaa511903
Red Hat Security Advisory 2015-0327-02 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the files back end of Name Service Switch did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.
4a16c6ab2c6c11d8d47f0d52c425c5e09912802eec21306db67227f5c23219c6
Debian Linux Security Advisory 3142-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
26074a481751614ed048aa65c68c0f68a31ac03ddd5cb0a7c9feb7060aa253ca
Red Hat Security Advisory 2015-0016-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
90cd9b71e30ab8c30bd38d9fa4f597107a84bbed6e771bcc76f44a2ec20281ff
Ubuntu Security Notice 2432-1 - Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. Various other issues were also addressed.
ee9a58bff9d011d6367f3b45438ca35803c8316ec24d9da327b4cbbe7f9d4442
Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.
f465530a54da7d5a528f544b46d30ac71a8e33c13da9a2e12a12020d9888fad7
Mandriva Linux Security Advisory 2014-175 - When iconv() converts IBM930 input that includes the invalid multibyte character 0xffff, iconv() segfaults. An off-by-one error in the __gconv_translit_find function in gconv_trans.c in the GNU C Library allows context-dependent attackers to cause a denial of service or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364). The updated packages have been patched to correct these issues.
f3306f4d40c605cd5282642a6815dd2da169dca7f32fb2e4796c7ec5dcb10aa7