SUSE-SU-2014:1128-1
Sep 15, 2014 - 7:04 p.m.

Security update for glibc (important)

2014-09-15 19:04:18
lists.opensuse.org

EPSS: 0.046 (percentile: 92.7%)

This glibc update fixes a critical privilege escalation problem and the
following security and non-security issues:

   * bnc#892073: An off-by-one error leading to a heap-based buffer
     overflow was found in __gconv_translit_find(). An exploit that
     targets the problem is publicly available. (CVE-2014-5119)
   * bnc#882600: Copy filename argument in
     posix_spawn_file_actions_addopen. (CVE-2014-4043)
   * bnc#860501: Use O_LARGEFILE for utmp file.
   * bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff.
   * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)
   * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)
   * bnc#824639: Drop lock before calling malloc_printerr.
   * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)
   * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)
   * bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv
     modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556,
     BZ#17325, BZ#14134)

Security Issues:

   * CVE-2014-5119
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>
   * CVE-2014-4043
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043>
   * CVE-2013-4332
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332>
   * CVE-2013-4237
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237>
   * CVE-2013-0242
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242>
   * CVE-2012-4412
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412>