Updated glibc packages fix security issues
Publication date: 05 Aug 2014Modification date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0475 , CVE-2014-4043
Description
Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities. (CVE-2014-4043) This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073)
References
- https://bugs.mageia.org/show_bug.cgi?id=13800
- https://www.sourceware.org/bugzilla/show_bug.cgi?id=17048
- https://www.sourceware.org/bugzilla/show_bug.cgi?id=16510
- https://www.sourceware.org/bugzilla/show_bug.cgi?id=15073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043
SRPMS
4/core
- glibc-2.18-9.2.mga4
3/core
- glibc-2.17-7.3.mga3