openSUSE Security Update: glibc: security and bugfix update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1510-1 Rating: moderate References: #779320 #801246 #805054 #813121 #813306 #819383 #819524 #824046 #830257 #834594 #839870 Cross-References: CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 5 fixes is now available. Description: This update fixes the following issues in glibc: - CVE-2012-4412: glibc: buffer overflow in strcoll - CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters - CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting - CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r() - bnc#805054: man 1 locale mentions nonexistant file - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed - bnc#819383: pldd a process multiple times can freeze the process - bnc#819524: nscd segfault - bnc#824046: glibc: blacklist code in bindresvport doesn't release lock, results in double-lock - bnc#839870: glibc: three integer overflows in memory allocator - ARM: Support loading unmarked objects from cache Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-723 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 i686 x86_64): glibc-2.17-4.7.1 glibc-debuginfo-2.17-4.7.1 glibc-debugsource-2.17-4.7.1 glibc-devel-2.17-4.7.1 glibc-devel-debuginfo-2.17-4.7.1 glibc-devel-static-2.17-4.7.1 glibc-extra-2.17-4.7.1 glibc-extra-debuginfo-2.17-4.7.1 glibc-locale-2.17-4.7.1 glibc-locale-debuginfo-2.17-4.7.1 glibc-profile-2.17-4.7.1 nscd-2.17-4.7.1 nscd-debuginfo-2.17-4.7.1 - openSUSE 12.3 (i586 x86_64): glibc-utils-2.17-4.7.1 glibc-utils-debuginfo-2.17-4.7.1 glibc-utils-debugsource-2.17-4.7.1 - openSUSE 12.3 (i586 i686): glibc-obsolete-2.17-4.7.1 glibc-obsolete-debuginfo-2.17-4.7.1 - openSUSE 12.3 (x86_64): glibc-32bit-2.17-4.7.1 glibc-debuginfo-32bit-2.17-4.7.1 glibc-devel-32bit-2.17-4.7.1 glibc-devel-debuginfo-32bit-2.17-4.7.1 glibc-devel-static-32bit-2.17-4.7.1 glibc-locale-32bit-2.17-4.7.1 glibc-locale-debuginfo-32bit-2.17-4.7.1 glibc-profile-32bit-2.17-4.7.1 glibc-utils-32bit-2.17-4.7.1 glibc-utils-debuginfo-32bit-2.17-4.7.1 - openSUSE 12.3 (noarch): glibc-html-2.17-4.7.1 glibc-i18ndata-2.17-4.7.1 glibc-info-2.17-4.7.1 References: http://support.novell.com/security/cve/CVE-2012-4412.html http://support.novell.com/security/cve/CVE-2013-0242.html http://support.novell.com/security/cve/CVE-2013-1914.html http://support.novell.com/security/cve/CVE-2013-2207.html http://support.novell.com/security/cve/CVE-2013-4237.html http://support.novell.com/security/cve/CVE-2013-4332.html https://bugzilla.novell.com/779320 https://bugzilla.novell.com/801246 https://bugzilla.novell.com/805054 https://bugzilla.novell.com/813121 https://bugzilla.novell.com/813306 https://bugzilla.novell.com/819383 https://bugzilla.novell.com/819524 https://bugzilla.novell.com/824046 https://bugzilla.novell.com/830257 https://bugzilla.novell.com/834594 https://bugzilla.novell.com/839870