Medium: glibc

Issue Overview:

An out-of-bounds read flaw was found in the way glibc’s iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040)

It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121)

Affected Packages:

glibc

Issue Correction:
Run yum update glibc to update your system.

New Packages:

i686:  
    glibc-2.17-55.139.amzn1.i686  
    glibc-common-2.17-55.139.amzn1.i686  
    glibc-static-2.17-55.139.amzn1.i686  
    glibc-devel-2.17-55.139.amzn1.i686  
    glibc-headers-2.17-55.139.amzn1.i686  
    glibc-debuginfo-common-2.17-55.139.amzn1.i686  
    glibc-debuginfo-2.17-55.139.amzn1.i686  
    glibc-utils-2.17-55.139.amzn1.i686  
    nscd-2.17-55.139.amzn1.i686  
  
src:  
    glibc-2.17-55.139.amzn1.src  
  
x86_64:  
    glibc-debuginfo-2.17-55.139.amzn1.x86_64  
    glibc-devel-2.17-55.139.amzn1.x86_64  
    glibc-headers-2.17-55.139.amzn1.x86_64  
    nscd-2.17-55.139.amzn1.x86_64  
    glibc-common-2.17-55.139.amzn1.x86_64  
    glibc-2.17-55.139.amzn1.x86_64  
    glibc-static-2.17-55.139.amzn1.x86_64  
    glibc-utils-2.17-55.139.amzn1.x86_64  
    glibc-debuginfo-common-2.17-55.139.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-6040, CVE-2014-8121

Mitre: CVE-2014-6040, CVE-2014-8121