glibc-2.5-58.2.0.1.AXS3
エラータID: AXSA:2011-151:01
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
Security issues fixed with this release:
CVE-2010-0296
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
CVE-2011-0536
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
CVE-2011-1071
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a stack extension attack, a related issue to CVE-2010-2898, as originally reported for use of this library by Google Chrome.
CVE-2011-1095
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
Update packages.
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
N/A
Asianux Server 3 for x86
- glibc-2.5-58.2.0.1.AXS3.i686.rpm
MD5: 9bfb1b818bd2cf702bb9834f5f307a9a
SHA-256: 63d1c84152810992c4ae120eb0e2395573f7582f1a941cd325c231793b88274a
Size: 5.35 MB - glibc-2.5-58.2.0.1.AXS3.i386.rpm
MD5: ebfb4096533d8498e2ea72335d879906
SHA-256: a436f3d1e546b4c77624d7ac1aaf5ef18417fc816b240fc146809a27ecf2a403
Size: 4.49 MB - glibc-common-2.5-58.2.0.1.AXS3.i386.rpm
MD5: f9064467c9eb8ec5535665fa5ae8a253
SHA-256: 8d80fc716cdbd2b4c996478f49dbf95bb70779d4ee0c98fdd6edbac7a7686976
Size: 16.81 MB - glibc-devel-2.5-58.2.0.1.AXS3.i386.rpm
MD5: d9807ff0e44576bf5abf1c568d525d4d
SHA-256: 013039bee307ca5663c77bbc905391e3a366750e2ce27450182f3c67c128f6df
Size: 2.05 MB - glibc-headers-2.5-58.2.0.1.AXS3.i386.rpm
MD5: 60d0df1c94f156c769cb5043cb5f3ff3
SHA-256: 957fe368f66d599bf7d58d3656542f7916fc7af470ebc0c45b6909359f56e437
Size: 614.03 kB - glibc-utils-2.5-58.2.0.1.AXS3.i386.rpm
MD5: 33c16e6576491254fe89e425d1d674b1
SHA-256: afcbe097b84dede5667dc98be884aa1683b05ba814f0fe0c359cd5b8b28d4534
Size: 133.14 kB - nscd-2.5-58.2.0.1.AXS3.i386.rpm
MD5: 3ad2f1970118573e80e32a903491c796
SHA-256: 4747c79efd561934855323f4c122a173e777d53486636116c445d10c0ddc17ba
Size: 167.62 kB
Asianux Server 3 for x86_64
- glibc-2.5-58.2.0.1.AXS3.x86_64.rpm
MD5: e9816ebce297b0bab363a7785efa40e1
SHA-256: bbdc1358ebf43c65545c95487246393dadc80696104569fba1eff215758ef3d7
Size: 4.77 MB - glibc-common-2.5-58.2.0.1.AXS3.x86_64.rpm
MD5: f7154c07f7b72b7e18eea99faea056e1
SHA-256: a62233002abe1d6cd5118af2d6f9bb14ae5f7bf82c699b8605661f37f077ae27
Size: 16.84 MB - glibc-devel-2.5-58.2.0.1.AXS3.x86_64.rpm
MD5: fde32bfc4aa61032eeeb5e4c4dbda434
SHA-256: 5b9575c07fd76f24d40a65b88984ce8b32ad1cc9f8118ccd48e9a62ddc794569
Size: 2.42 MB - glibc-headers-2.5-58.2.0.1.AXS3.x86_64.rpm
MD5: 6e8c03a258671310bc9a75dd7b7a38dc
SHA-256: 200646e356a7b342287195536e18fcbec4764c463a80938c488501a8e0f4c1ed
Size: 604.44 kB - glibc-utils-2.5-58.2.0.1.AXS3.x86_64.rpm
MD5: 2db45501ce13140411fdb5bfd4612a82
SHA-256: 11e0417f23f4971e426de2218dbd6498a456eb8435dc74fe375180c74672be1c
Size: 131.69 kB - nscd-2.5-58.2.0.1.AXS3.x86_64.rpm
MD5: ed9113b60d62f262315756016f199b1d
SHA-256: 1bb44087171d19d843d58f40781316ccf9e1fe78e4873c7c9a8369b88438284a
Size: 167.83 kB
日本語