LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SL-glib-20120827 (glibc)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV"
	<SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV> 


Subject:
    	      Security ERRATA Moderate: glibc on SL6.x i386/x86_64 


Date:
    	      Mon, 27 Aug 2012 13:04:15 -0500


Message-ID:
    	      <503BB69F.4010304@fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:          Moderate: glibc security update
Issue Date:        2012-08-27
CVE Numbers:       CVE-2012-3480

The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

Multiple integer overflow flaws, leading to stack-based buffer overflows,
were found in glibc's functions for converting a string to a numeric
representation (strtod(), strtof(), and strtold()). If an application used
such a function on attacker controlled input, it could cause the
application to crash or, potentially, execute arbitrary code.
(CVE-2012-3480)

All users of glibc are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

SL6
   x86_64
     glibc-2.12-1.80.el6_3.5.i686.rpm
     glibc-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-common-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-devel-2.12-1.80.el6_3.5.i686.rpm
     glibc-devel-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-headers-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-utils-2.12-1.80.el6_3.5.x86_64.rpm
     nscd-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-static-2.12-1.80.el6_3.5.i686.rpm
     glibc-static-2.12-1.80.el6_3.5.x86_64.rpm
   i386
     glibc-2.12-1.80.el6_3.5.i686.rpm
     glibc-common-2.12-1.80.el6_3.5.i686.rpm
     glibc-devel-2.12-1.80.el6_3.5.i686.rpm
     glibc-headers-2.12-1.80.el6_3.5.i686.rpm
     glibc-utils-2.12-1.80.el6_3.5.i686.rpm
     nscd-2.12-1.80.el6_3.5.i686.rpm
     glibc-static-2.12-1.80.el6_3.5.i686.rpm

- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds