Lucene search

K
amazonAmazonALAS-2012-039
HistoryFeb 02, 2012 - 2:26 p.m.

Medium: glibc

2012-02-0214:26:00
alas.aws.amazon.com
13

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

Issue Overview:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)

A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)

Affected Packages:

glibc

Issue Correction:
Run yum update glibc to update your system.

New Packages:

i686:  
    glibc-debuginfo-common-2.12-1.47.32.amzn1.i686  
    glibc-common-2.12-1.47.32.amzn1.i686  
    glibc-debuginfo-2.12-1.47.32.amzn1.i686  
    glibc-devel-2.12-1.47.32.amzn1.i686  
    glibc-2.12-1.47.32.amzn1.i686  
    glibc-utils-2.12-1.47.32.amzn1.i686  
    nscd-2.12-1.47.32.amzn1.i686  
    glibc-headers-2.12-1.47.32.amzn1.i686  
    glibc-static-2.12-1.47.32.amzn1.i686  
  
src:  
    glibc-2.12-1.47.32.amzn1.src  
  
x86_64:  
    glibc-devel-2.12-1.47.32.amzn1.x86_64  
    glibc-static-2.12-1.47.32.amzn1.x86_64  
    glibc-debuginfo-common-2.12-1.47.32.amzn1.x86_64  
    glibc-utils-2.12-1.47.32.amzn1.x86_64  
    glibc-common-2.12-1.47.32.amzn1.x86_64  
    glibc-headers-2.12-1.47.32.amzn1.x86_64  
    glibc-2.12-1.47.32.amzn1.x86_64  
    glibc-debuginfo-2.12-1.47.32.amzn1.x86_64  
    nscd-2.12-1.47.32.amzn1.x86_64  

Additional References

Red Hat: CVE-2009-5029, CVE-2011-4609

Mitre: CVE-2009-5029, CVE-2011-4609

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%