Security update for glibc (important)

2014-09-15T19:06:41
ID SUSE-SU-2014:1129-1
Type suse
Reporter Suse
Modified 2014-09-15T19:06:41

Description

This glibc update fixes a critical privilege escalation problem and two additional issues:

   * bnc#892073: An off-by-one error leading to a heap-based buffer
     overflow was found in __gconv_translit_find(). An exploit that

targets the problem is publicly available. (CVE-2014-5119) * bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork. * bnc#844309: Fixed various overflows, reading large /etc/hosts or long names. (CVE-2013-4357) * bnc#894553, bnc#894556: Fixed various crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656)

Security Issues:

   * CVE-2012-6656
     <<a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656</a>>
   * CVE-2013-4357
     <<a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357</a>>
   * CVE-2014-5119
     <<a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119</a>>
   * CVE-2014-6040
     <<a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040</a>>