glibc-2.5-65.3.0.1.AXS3
エラータID: AXSA:2012-210:01
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
Security issues fixed with this release:
CVE-2009-5029
No description available, see the CVE links below.
CVE-2009-5064
** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.
CVE-2010-0830
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
CVE-2011-1089
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
CVE-2011-4609
No description available, see the CVE links below.
Update packages.
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
N/A
SRPMS
- glibc-2.5-65.3.0.1.AXS3.src.rpm
MD5: 7c2801ee3d054ed1d0b9cefd283cf5d0
SHA-256: 5eb02b4a799e83523543714f579cd7c7ee2b5890442458ee50d60f04e7384a21
Size: 15.73 MB
Asianux Server 3 for x86
- glibc-2.5-65.3.0.1.AXS3.i386.rpm
MD5: e201ed42ab9dcb4637f734999926014d
SHA-256: 8d5d0b1a04f022039515673b30f291d3f66609fd7578946e19bf33f37a089803
Size: 4.49 MB - glibc-2.5-65.3.0.1.AXS3.i686.rpm
MD5: 270de8c990c07f1293661c3793f98817
SHA-256: 427e0cc2c386cdaa5db9aeb35d0b509662c7b23ac33a057e1df34929a414bfab
Size: 5.35 MB - glibc-common-2.5-65.3.0.1.AXS3.i386.rpm
MD5: d6e6e4569b71f52e56ccd98273fd06e3
SHA-256: bde93b64bd07354c903e5d55cfd9368d19df7b566c2b30bbf7786d3df734669d
Size: 16.81 MB - glibc-devel-2.5-65.3.0.1.AXS3.i386.rpm
MD5: 51d7a16bbe853c2a70072f4a74aa4fdd
SHA-256: 6424e72ee0cb4fab94ef6acb6baab90ff28a553273e26bb6090420114def13a0
Size: 2.05 MB - glibc-headers-2.5-65.3.0.1.AXS3.i386.rpm
MD5: a50f4d5051c02ade52167f7a89bba06a
SHA-256: 7ca068a3eedf48c986ca29f16ea74ec3d256585838c1d35662dd2c10ab6fa37f
Size: 615.17 kB - glibc-utils-2.5-65.3.0.1.AXS3.i386.rpm
MD5: 321ce8edcc870a9260285aa16ee29040
SHA-256: 39694eb5a9409c3df2403d1b7edc03d74af57775bb71dd83e80d46b05df72eea
Size: 134.21 kB - nscd-2.5-65.3.0.1.AXS3.i386.rpm
MD5: e4050d95e2d171a8412cda8b38f0108a
SHA-256: 9f3cb474e71c53a23e21d156a37c2e7336966e0fd8d9124533def51c7309e553
Size: 170.69 kB
Asianux Server 3 for x86_64
- glibc-2.5-65.3.0.1.AXS3.x86_64.rpm
MD5: af2d047cfce402ca2145e72b53c7657f
SHA-256: 49bf98d97cf91af4dfd399bacdf0061c379014f3c2cad610c4395e3846f4f103
Size: 4.77 MB - glibc-common-2.5-65.3.0.1.AXS3.x86_64.rpm
MD5: 7820ac20ff92702b70501bc35ce82510
SHA-256: 698c579985377afa76b18dc5180a9a72dece33b12a2318d2d3e641bdf0b6ce38
Size: 16.84 MB - glibc-devel-2.5-65.3.0.1.AXS3.x86_64.rpm
MD5: 5934ba2a47b5c3897506fabd28546f35
SHA-256: 500c51838f770b6101b9116cf53ba14030f7411121a914167a553b086146ffe0
Size: 2.42 MB - glibc-headers-2.5-65.3.0.1.AXS3.x86_64.rpm
MD5: edd0eb65e10c20baa7bdd57954b9a34a
SHA-256: 6ec594d955a212456c1a69d793a6f7816eb95ddb90df8f3314afd1c115f9ab37
Size: 605.61 kB - glibc-utils-2.5-65.3.0.1.AXS3.x86_64.rpm
MD5: af2344c46561504d3a830434d661f4ec
SHA-256: 7d4c0fd72b850ca88a4b16d706b77bd810839f41d9d42c19159be8f93c7e9dd9
Size: 132.77 kB - nscd-2.5-65.3.0.1.AXS3.x86_64.rpm
MD5: 897bbd7c3451ba1444c92c2705468015
SHA-256: 940f94ca843cbf8c446e3db06dbbb9e79577f41d3c124b17de28feb286674266
Size: 170.80 kB