From Mageia wiki

MGASA-2013-0141

Date: May 9th, 2013
Affected releases: 2
Media: Core


Description:
Updated glibc packages fix security vulnerabilities:

Buffer overflow in the extend_buffers function in the regular
expression matcher (posix/regexec.c) in glibc, possibly 2.17 and
earlier, allows context-dependent attackers to cause a denial of
service (memory corruption and crash) via crafted multibyte characters
(CVE-2013-0242).

Stack-based buffer overflow in the getaddrinfo function in
sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6)
2.17 and earlier allows remote attackers to cause a denial of service
(crash) via a (1) hostname or (2) IP address that triggers a large
number of domain conversion results (CVE-2013-1914).

This update also fixes sha256-crypt and sha512-crypt support (#7793).


Updated Packages:
i586:
glibc-2.14.1-10.mga2.i586.rpm
glibc-devel-2.14.1-10.mga2.i586.rpm
glibc-doc-2.14.1-10.mga2.noarch.rpm
glibc-doc-pdf-2.14.1-10.mga2.noarch.rpm
glibc-i18ndata-2.14.1-10.mga2.i586.rpm
glibc-profile-2.14.1-10.mga2.i586.rpm
glibc-static-devel-2.14.1-10.mga2.i586.rpm
glibc-utils-2.14.1-10.mga2.i586.rpm
nscd-2.14.1-10.mga2.i586.rpm
glibc-debug-2.14.1-10.mga2.i586.rpm

x86_64:
glibc-2.14.1-10.mga2.x86_64.rpm
glibc-devel-2.14.1-10.mga2.x86_64.rpm
glibc-doc-2.14.1-10.mga2.noarch.rpm
glibc-doc-pdf-2.14.1-10.mga2.noarch.rpm
glibc-i18ndata-2.14.1-10.mga2.x86_64.rpm
glibc-profile-2.14.1-10.mga2.x86_64.rpm
glibc-static-devel-2.14.1-10.mga2.x86_64.rpm
glibc-utils-2.14.1-10.mga2.x86_64.rpm
nscd-2.14.1-10.mga2.x86_64.rpm
glibc-debug-2.14.1-10.mga2.x86_64.rpm

SRPMS:
glibc-2.14.1-10.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914
https://bugs.mageia.org/show_bug.cgi?id=7793
https://bugs.mageia.org/show_bug.cgi?id=9952