7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.2%
Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with “…” components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities. (CVE-2014-4043) This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | glibc | < 2.17-7.3 | glibc-2.17-7.3.mga3 |
Mageia | 4 | noarch | glibc | < 2.18-9.2 | glibc-2.18-9.2.mga4 |