Advisories ยป MGASA-2014-0314

Updated glibc packages fix security issues

Publication date: 05 Aug 2014
Modification date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0475 , CVE-2014-4043

Description

Stephane Chazelas discovered that directory traversal issue in locale
handling in glibc.  glibc accepts relative paths with ".." components
in the LC_* and LANG variables.  Together with typical OpenSSH
configurations (with suitable AcceptEnv settings in sshd_config), this
could conceivably be used to bypass ForceCommand restrictions (or
restricted shells), assuming the attacker has sufficient level of
access to a file system location on the host to create crafted locale
definitions there. (CVE-2014-0475)

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where
posix_spawn_file_actions_addopen fails to copy the path argument (glibc
bz #17048) which can, in conjunction with many common memory management
techniques from an application, lead to a use after free, or other
vulnerabilities. (CVE-2014-4043)

This update also fixes the following issues:
x86: Disable x87 inline functions for SSE2 math (glibc bz #16510)
malloc: Fix race in free() of fastbin chunk (glibc bz #15073)
                

References

SRPMS

4/core

3/core