Lucene search

K
suseSuseSUSE-SU-2014:1122-1
HistorySep 12, 2014 - 6:04 a.m.

Security update for glibc (important)

2014-09-1206:04:16
lists.opensuse.org
38

EPSS

0.046

Percentile

92.7%

This glibc update fixes a critical privilege escalation vulnerability and
the following security and non-security issues:

   * bnc#892073: An off-by-one error leading to a heap-based buffer
     overflow was found in __gconv_translit_find(). An exploit that

targets the problem is publicly available. (CVE-2014-5119)
* bnc#886416: Avoid redundant shift character in iconv output at block
boundary.
* bnc#883022: Initialize errcode in sysdeps/unix/opendir.c.
* bnc#882600: Copy filename argument in
posix_spawn_file_actions_addopen. (CVE-2014-4043)
* bnc#864081: Take lock in pthread_cond_wait cleanup handler only when
needed.
* bnc#843735: Don’t crash on unresolved weak symbol reference.
* bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)
* bnc#836746: Avoid race between {,__de}allocate_stack and
__reclaim_stacks during fork.
* bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)
* bnc#830268: Initialize pointer guard also in static executables.
(CVE-2013-4788)
* bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)
* bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)
* bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait.

Security Issues:

   * CVE-2014-5119
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119</a>&gt;
   * CVE-2014-4043
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043</a>&gt;
   * CVE-2012-4412
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412</a>&gt;
   * CVE-2013-0242
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242</a>&gt;
   * CVE-2013-4788
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788</a>&gt;
   * CVE-2013-4237
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237</a>&gt;
   * CVE-2013-4332
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332</a>&gt;