CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 84.9%
CentOS Errata and Security Advisory CESA-2014:1110
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

An off-by-one heap-based buffer overflow flaw was found in glibc's internal
__gconv_translit_find() function. An attacker able to make an application
call the iconv_open() function with a specially crafted argument could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-5119)

A directory traversal flaw was found in the way glibc loaded locale files.
An attacker able to make an application use a specially crafted locale name
value (for example, specified in an LC_* environment variable) could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-0475)

Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475.

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-August/082680.html
https://lists.centos.org/pipermail/centos-announce/2014-August/082681.html
https://lists.centos.org/pipermail/centos-announce/2014-August/082682.html
Affected packages:
glibc
glibc-common
glibc-devel
glibc-headers
glibc-static
glibc-utils
nscd
Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1110
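
To check a CentOS 6 package inventory against this advisory, the following added example (not part of the advisory or of any CentOS tooling) flags the affected packages whose version-release sorts below the fixed 2.12-1.132.el6_5.4 listed in the table. It assumes input lines of the form `name version-release`, as produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, and uses a simplified RPM version ordering without `~` or `^` handling; the sample inventory is constructed.

```python
import re

# Fixed version-release for the CentOS 6 rows of the advisory table.
FIXED_EVR = "2.12-1.132.el6_5.4"
# Package names from the advisory's "Affected packages" list.
AFFECTED = {"glibc", "glibc-common", "glibc-devel", "glibc-headers",
            "glibc-static", "glibc-utils", "nscd"}

def rpmvercmp(a, b):
    """Order two version or release strings as RPM does (simplified)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as integers
        elif x.isdigit():
            return 1                   # a numeric segment beats an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare [epoch:]version-release strings; returns -1, 0 or 1."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def find_outdated(inventory):
    """Return (name, evr) pairs for affected packages older than the fix."""
    hits = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in AFFECTED and evr_cmp(parts[1], FIXED_EVR) < 0:
            hits.append((parts[0], parts[1]))
    return hits

# Constructed sample inventory, not taken from a real host.
SAMPLE = """glibc 2.12-1.132.el6_5.3
glibc-common 2.12-1.132.el6_5.4
nscd 2.12-1.107.el6
bash 4.1.2-15.el6_5.1"""

if __name__ == "__main__":
    for name, evr in find_outdated(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_EVR}")
```
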
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | glibc | < 2.12-1.132.el6_5.4 | glibc-2.12-1.132.el6_5.4.i686.rpm |
CentOS | 6 | i686 | glibc-common | < 2.12-1.132.el6_5.4 | glibc-common-2.12-1.132.el6_5.4.i686.rpm |
CentOS | 6 | i686 | glibc-devel | < 2.12-1.132.el6_5.4 | glibc-devel-2.12-1.132.el6_5.4.i686.rpm |
CentOS | 6 | i686 | glibc-headers | < 2.12-1.132.el6_5.4 | glibc-headers-2.12-1.132.el6_5.4.i686.rpm |
CentOS | 6 | i686 | glibc-static | < 2.12-1.132.el6_5.4 | glibc-static-2.12-1.132.el6_5.4.i686.rpm |
CentOS | 6 | i686 | glibc-utils | < 2.12-1.132.el6_5.4 | glibc-utils-2.12-1.132.el6_5.4.i686.rpm |
CentOS | 6 | i686 | nscd | < 2.12-1.132.el6_5.4 | nscd-2.12-1.132.el6_5.4.i686.rpm |
CentOS | 6 | i686 | glibc | < 2.12-1.132.el6_5.4 | glibc-2.12-1.132.el6_5.4.i686.rpm |
CentOS | 6 | x86_64 | glibc | < 2.12-1.132.el6_5.4 | glibc-2.12-1.132.el6_5.4.x86_64.rpm |
CentOS | 6 | x86_64 | glibc-common | < 2.12-1.132.el6_5.4 | glibc-common-2.12-1.132.el6_5.4.x86_64.rpm |