CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
82.2%
Issue Overview:
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)
A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)
Affected Packages:
glibc
Issue Correction:
Run yum update glibc to update your system.
New Packages:
i686:
glibc-debuginfo-common-2.12-1.47.32.amzn1.i686
glibc-common-2.12-1.47.32.amzn1.i686
glibc-debuginfo-2.12-1.47.32.amzn1.i686
glibc-devel-2.12-1.47.32.amzn1.i686
glibc-2.12-1.47.32.amzn1.i686
glibc-utils-2.12-1.47.32.amzn1.i686
nscd-2.12-1.47.32.amzn1.i686
glibc-headers-2.12-1.47.32.amzn1.i686
glibc-static-2.12-1.47.32.amzn1.i686
src:
glibc-2.12-1.47.32.amzn1.src
x86_64:
glibc-devel-2.12-1.47.32.amzn1.x86_64
glibc-static-2.12-1.47.32.amzn1.x86_64
glibc-debuginfo-common-2.12-1.47.32.amzn1.x86_64
glibc-utils-2.12-1.47.32.amzn1.x86_64
glibc-common-2.12-1.47.32.amzn1.x86_64
glibc-headers-2.12-1.47.32.amzn1.x86_64
glibc-2.12-1.47.32.amzn1.x86_64
glibc-debuginfo-2.12-1.47.32.amzn1.x86_64
nscd-2.12-1.47.32.amzn1.x86_64
Red Hat: CVE-2009-5029, CVE-2011-4609
Mitre: CVE-2009-5029, CVE-2011-4609
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | glibc-debuginfo-common | < 2.12-1.47.32.amzn1 | glibc-debuginfo-common-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | glibc-common | < 2.12-1.47.32.amzn1 | glibc-common-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | glibc-debuginfo | < 2.12-1.47.32.amzn1 | glibc-debuginfo-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | glibc-devel | < 2.12-1.47.32.amzn1 | glibc-devel-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | glibc | < 2.12-1.47.32.amzn1 | glibc-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | glibc-utils | < 2.12-1.47.32.amzn1 | glibc-utils-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | nscd | < 2.12-1.47.32.amzn1 | nscd-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | glibc-headers | < 2.12-1.47.32.amzn1 | glibc-headers-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | glibc-static | < 2.12-1.47.32.amzn1 | glibc-static-2.12-1.47.32.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | glibc-devel | < 2.12-1.47.32.amzn1 | glibc-devel-2.12-1.47.32.amzn1.x86_64.rpm |