Mailinglist Archive: opensuse-updates (74 mails)

< Previous Next >
openSUSE-SU-2013:1510-1: moderate: glibc: security and bugfix update
openSUSE Security Update: glibc: security and bugfix update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1510-1
Rating: moderate
References: #779320 #801246 #805054 #813121 #813306 #819383
#819524 #824046 #830257 #834594 #839870
Cross-References: CVE-2012-4412 CVE-2013-0242 CVE-2013-1914
CVE-2013-2207 CVE-2013-4237 CVE-2013-4332

Affected Products:
openSUSE 12.3
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 5 fixes is
now available.

Description:

This update fixes the following issues in glibc:
- CVE-2012-4412: glibc: buffer overflow in strcoll
- CVE-2013-0242: glibc: DoS due to a buffer overrun in
regexp matcher by processing multibyte characters
- CVE-2013-1914: glibc: stack overflow in getaddrinfo()
sorting
- CVE-2013-2207: glibc: pt_chown tricked into granting
access to another users pseudo-terminal
- CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not
enforced by readdir_r()
- bnc#805054: man 1 locale mentions nonexistant file
- bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers
write of undefined values if stderr is closed
- bnc#819383: pldd a process multiple times can freeze the
process
- bnc#819524: nscd segfault
- bnc#824046: glibc: blacklist code in bindresvport doesn't
release lock, results in double-lock
- bnc#839870: glibc: three integer overflows in memory
allocator
- ARM: Support loading unmarked objects from cache


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-723

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 i686 x86_64):

glibc-2.17-4.7.1
glibc-debuginfo-2.17-4.7.1
glibc-debugsource-2.17-4.7.1
glibc-devel-2.17-4.7.1
glibc-devel-debuginfo-2.17-4.7.1
glibc-devel-static-2.17-4.7.1
glibc-extra-2.17-4.7.1
glibc-extra-debuginfo-2.17-4.7.1
glibc-locale-2.17-4.7.1
glibc-locale-debuginfo-2.17-4.7.1
glibc-profile-2.17-4.7.1
nscd-2.17-4.7.1
nscd-debuginfo-2.17-4.7.1

- openSUSE 12.3 (i586 x86_64):

glibc-utils-2.17-4.7.1
glibc-utils-debuginfo-2.17-4.7.1
glibc-utils-debugsource-2.17-4.7.1

- openSUSE 12.3 (i586 i686):

glibc-obsolete-2.17-4.7.1
glibc-obsolete-debuginfo-2.17-4.7.1

- openSUSE 12.3 (x86_64):

glibc-32bit-2.17-4.7.1
glibc-debuginfo-32bit-2.17-4.7.1
glibc-devel-32bit-2.17-4.7.1
glibc-devel-debuginfo-32bit-2.17-4.7.1
glibc-devel-static-32bit-2.17-4.7.1
glibc-locale-32bit-2.17-4.7.1
glibc-locale-debuginfo-32bit-2.17-4.7.1
glibc-profile-32bit-2.17-4.7.1
glibc-utils-32bit-2.17-4.7.1
glibc-utils-debuginfo-32bit-2.17-4.7.1

- openSUSE 12.3 (noarch):

glibc-html-2.17-4.7.1
glibc-i18ndata-2.17-4.7.1
glibc-info-2.17-4.7.1


References:

http://support.novell.com/security/cve/CVE-2012-4412.html
http://support.novell.com/security/cve/CVE-2013-0242.html
http://support.novell.com/security/cve/CVE-2013-1914.html
http://support.novell.com/security/cve/CVE-2013-2207.html
http://support.novell.com/security/cve/CVE-2013-4237.html
http://support.novell.com/security/cve/CVE-2013-4332.html
https://bugzilla.novell.com/779320
https://bugzilla.novell.com/801246
https://bugzilla.novell.com/805054
https://bugzilla.novell.com/813121
https://bugzilla.novell.com/813306
https://bugzilla.novell.com/819383
https://bugzilla.novell.com/819524
https://bugzilla.novell.com/824046
https://bugzilla.novell.com/830257
https://bugzilla.novell.com/834594
https://bugzilla.novell.com/839870


< Previous Next >
This Thread
  • No further messages