Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201503-04 ] GNU C Library: Multiple vulnerabilities
Date: Sun, 08 Mar 2015 14:54:47
Message-Id: 54FC5F22.7030902@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201503-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: GNU C Library: Multiple vulnerabilities
     Date: March 08, 2015
     Bugs: #431218, #434408, #454862, #464634, #477330, #480734,
           #484646, #488084, #489234, #501196, #513090, #521930, #537990
       ID: 201503-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in GNU C Library, the worst
of which allows a local attacker to execute arbitrary code or cause a
Denial of Service.

Background
==========

The GNU C library is the standard C library used by Gentoo Linux
systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-libs/glibc               < 2.19-r1                >= 2.19-r1

Description
===========

Multiple vulnerabilities have been discovered in the GNU C Library.
Please review the CVE identifiers referenced below for details.

Impact
======

A local attacker may be able to execute arbitrary code or cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All glibc users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.19-r1"

References
==========

[  1 ] CVE-2012-3404
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3404
[  2 ] CVE-2012-3405
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3405
[  3 ] CVE-2012-3406
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3406
[  4 ] CVE-2012-3480
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3480
[  5 ] CVE-2012-4412
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4412
[  6 ] CVE-2012-4424
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4424
[  7 ] CVE-2012-6656
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6656
[  8 ] CVE-2013-0242
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0242
[  9 ] CVE-2013-1914
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1914
[ 10 ] CVE-2013-2207
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2207
[ 11 ] CVE-2013-4237
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4237
[ 12 ] CVE-2013-4332
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4332
[ 13 ] CVE-2013-4458
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4458
[ 14 ] CVE-2013-4788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4788
[ 15 ] CVE-2014-4043
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4043
[ 16 ] CVE-2015-0235
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0235

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201503-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5