{
  "schema_version": "1.7.0",
  "id": "MGASA-2013-0340",
  "published": "2013-11-22T18:44:49Z",
  "modified": "2013-11-22T18:44:14Z",
  "summary": "Updated glibc package fixes security vulnerabilities",
  "details": "Updated glibc packages fixes the following security issues:\n\nInteger overflow in string/strcoll_l.c in the GNU C Library (aka glibc\nor libc6) 2.17 and earlier allows context-dependent attackers to cause\na denial of service (crash) or possibly execute arbitrary code via a\nlong string, which triggers a heap-based buffer overflow. (CVE-2012-4412)\n\nStack-based buffer overflow in string/strcoll_l.c in the GNU C Library\n(aka glibc or libc6) 2.17 and earlier allows context-dependent\nattackers to cause a denial of service (crash) or possibly execute\narbitrary code via a long string that triggers a malloc failure and\nuse of the alloca function. (CVE-2012-4424)\n\npt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not\nproperly check permissions for tty files, which allows local users to\nchange the permission on the files and obtain access to arbitrary\npseudo-terminals by leveraging a FUSE file system. (CVE-2013-2207)\nNOTE! This is fixed by removing pt_chown wich may break chroots\n      if their devpts was not mounted correctly. \n      (make sure to mount the devpts correctly with gid=5)\n\nsysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6)\n2.18 and earlier allows context-dependent attackers to cause a denial\nof service (out-of-bounds write and crash) or possibly execute\narbitrary code via a crafted (1) NTFS or (2) CIFS image. (CVE-2013-4237)\n\nMultiple integer overflows in malloc/malloc.c in the GNU C Library\n(aka glibc or libc6) 2.18 and earlier allow context-dependent\nattackers to cause a denial of service (heap corruption) via a large\nvalue to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4)\nmemalign, or (5) aligned_alloc functions. (CVE-2013-4332)\n\nA stack (frame) overflow flaw, which led to a denial of service \n(application crash), was found in the way glibc's getaddrinfo() function\nprocessed certain requests when called with AF_INET6. A similar flaw to\nCVE-2013-1914, this affects AF_INET6 rather than AF_UNSPEC (CVE-2013-4458).\n\nThe PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6)\n2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize\nthe random value for the pointer guard, which makes it easier for context-\ndependent attackers to control execution flow by leveraging a buffer-\noverflow vulnerability in an application and using the known zero value\npointer guard to calculate a pointer address. (CVE-2013-4788)\n\nOther fixes in this update:\n- Correct the processing of '\\x80' characters in crypt_freesec.c\n- drop minimal required kernel to 2.6.32 so it works in chroots on top\n  of enterprise kernels and for OpenVZ users.\n- fix typo in nscd.service\n",
  "upstream": [
    "CVE-2012-4412",
    "CVE-2012-4424",
    "CVE-2013-2207",
    "CVE-2013-4237",
    "CVE-2013-4332",
    "CVE-2013-4458",
    "CVE-2013-4788"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2013-0340.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=11059"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=855385"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=858238"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=976408"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995839"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007545"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=985625"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1022280"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:2",
        "name": "glibc",
        "purl": "pkg:rpm/mageia/glibc?arch=source&distro=mageia-2"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.14.1-11.2.mga2"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:3",
        "name": "glibc",
        "purl": "pkg:rpm/mageia/glibc?arch=source&distro=mageia-3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.17-7.2.mga3"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}