First published: Mon Feb 13 2012
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)

A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)

It was discovered that the glibc addmntent() function, used by various mount helper utilities, did not sanitize its input properly. A local attacker could possibly use this flaw to inject malformed lines into the mtab (mounted file systems table) file via certain setuid mount helpers, if the attacker were allowed to mount to an arbitrary directory under their control. (CVE-2010-0296)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)

It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)

It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)

It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)

An integer overflow flaw was found in the glibc fnmatch() function. If an attacker supplied a long UTF-8 string to an application linked against glibc, it could cause the application to crash. (CVE-2011-1659)

A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)

Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.

This update also fixes the following bug:

- When using an nscd package that is a different version than the glibc package, the nscd service could fail to start. This update makes the nscd package require a specific glibc version to prevent this problem. (BZ#657009)

Users should upgrade to these updated packages, which resolve these issues.
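For the locale issue (CVE-2011-1095), a script that consumes the output of the locale command can avoid shell evaluation altogether by parsing each line and checking it against an allowlist. The following is an added example, not code from this advisory or from glibc; the helper names `parse_locale_line` and `filter_locale_output` and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: consume `locale` output without eval. Helper names are hypothetical.

# Print "NAME=value" for a well-formed locale setting; fail on anything else.
# The ( ) body is a subshell, so LC_ALL=C (byte-wise ranges) does not leak out.
parse_locale_line() (
    LC_ALL=C
    line=$1
    name=${line%%=*}
    value=${line#*=}
    [ "$name" != "$line" ] || exit 1            # no '=' in the line

    case $name in                               # locale variables only
        LANG|LANGUAGE) ;;
        LC_*) case ${name#LC_} in ''|*[!A-Z_]*) exit 1 ;; esac ;;
        *) exit 1 ;;
    esac

    case $value in                              # drop one pair of double quotes
        \"*\") value=${value#\"}; value=${value%\"} ;;
    esac

    case $value in                              # characters used in locale names
        *[!A-Za-z0-9_.@-]*) exit 1 ;;
    esac
    printf '%s=%s\n' "$name" "$value"
)

# Filter a whole listing on stdin; returns 1 if any line was rejected.
filter_locale_output() {
    rc=0
    while IFS= read -r line; do
        parse_locale_line "$line" || rc=1
    done
    return "$rc"
}

# Constructed sample: the second line stands in for unescaped output that
# carries shell syntax after the value.
SAMPLE='LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8";echo injected
LC_TIME="de_DE.UTF-8"'

printf '%s\n' "$SAMPLE" | filter_locale_output ||
    echo "rejected at least one line" >&2
```

Lines that pass the filter can be applied with `export "$line"` in a loop, which assigns the value without re-parsing it as shell code.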