glibc-2.12-1.80.AXS4.3

エラータID: AXSA:2012-754:05

Release date: 
Monday, August 20, 2012 - 20:18
Subject: 
glibc-2.12-1.80.AXS4.3
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.

Security issues fixed with this release:

CVE-2012-3404
CVE-2012-3405
CVE-2012-3406
No description available at the time of writing, please use the CVE links below.

Fixed bugs:

• If the /etc/resolv.conf file contained IPv6 nameservers, an internal array of nameservers would only be partially initialized and could sometimes cause certain applications to crash. This has been fixed.

Solution: 

Update packages.

CVEs: 
CVE-2012-3404
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.
CVE-2012-3405
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.




Additional Info: 

N/A

Download: 

SRPMS
  1. glibc-2.12-1.80.AXS4.3.src.rpm
    MD5: 2a75ea9b89945c2b9e3ca2d320c1b36f
    SHA-256: 4a1e775738204e9540b67224c55e7a4dc66721c54ba325176f337bd9e6df898f
    Size: 15.25 MB

Asianux Server 4 for x86
  1. glibc-2.12-1.80.AXS4.3.i686.rpm
    MD5: a4cedde3649e46d0b52fe7c77706bb3a
    SHA-256: e03076cefb041e4297abb571585cf3b68d82924716a59584f812e096b60a4276
    Size: 4.30 MB
  2. glibc-common-2.12-1.80.AXS4.3.i686.rpm
    MD5: 463ead2d832afdad2de8c8a20fa69bcd
    SHA-256: 04f71957bcd84d48d3f9f7197834e6681347aa8279c92a5fab8e3ec15762bfe1
    Size: 14.17 MB
  3. glibc-devel-2.12-1.80.AXS4.3.i686.rpm
    MD5: 441bea11c4efda3c2b1dc84635010866
    SHA-256: 85716acfff1ed86b77a67ef44511f91698b326e23cbf7da09d576b5f9c20447e
    Size: 970.15 kB
  4. glibc-headers-2.12-1.80.AXS4.3.i686.rpm
    MD5: 5e27b8971a25b425134b02d76f7fc576
    SHA-256: 6bfa8ceaaa5e1db74c42bc1e98fc3429f577779036f48b29466bd134a58726ce
    Size: 608.47 kB
  5. glibc-utils-2.12-1.80.AXS4.3.i686.rpm
    MD5: 56a99b06468fd9dc08bd43cac8076437
    SHA-256: d9c202b36f1971a2754038ccfd0b393bb14c7aaf2e68453c75766838b3010384
    Size: 156.60 kB
  6. nscd-2.12-1.80.AXS4.3.i686.rpm
    MD5: 95225ea09db46317c3e7276b9f66f210
    SHA-256: 235ee1d494f33035ab0d013050ea3994fcb073f49a1003db36d947922f7ccc57
    Size: 206.34 kB

Asianux Server 4 for x86_64
  1. glibc-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 38b06d31a3702d64641c5563d1d2c0f2
    SHA-256: 51045e8278cbcc014f0eabb23c824b9dac7bafb9d8de63304834cc3a592a6fe9
    Size: 3.78 MB
  2. glibc-common-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 5a0a9e54cce6b140a84ae7e5c77404de
    SHA-256: 672faac03dc0cd2cd7005ca6cfbab576c4b1ae5c261455ce8b353a72af1ce46d
    Size: 14.18 MB
  3. glibc-devel-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 108c3aa857666cf2fdc63f532b281e0a
    SHA-256: 43f455faf5bc6752d4370268f44d083fca74ab8e8e5bfbb338adb05af6980a33
    Size: 969.28 kB
  4. glibc-headers-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 6cce49bb12f1b889377b6101a6ad5cb5
    SHA-256: 9f72ff3af9e026a1fcb3feb9f6abdf001319667ea6141b5bc1e38cdc85a223fc
    Size: 600.03 kB
  5. glibc-utils-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: b6d0c5e437c8814596f2adf639158f2f
    SHA-256: bc1e46d6c83c533c10a7f03f04ae7fd409d5b10c6a7f1ba82b1b48d481831f85
    Size: 154.78 kB
  6. nscd-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 6e892d1e22b26d68446383413b2dc680
    SHA-256: 78a4e8e9ab5ec0356ecd359bc6ec4e9d246e6bc299eed5f114c5ed42640963cb
    Size: 207.28 kB
  7. glibc-2.12-1.80.AXS4.3.i686.rpm
    MD5: a4cedde3649e46d0b52fe7c77706bb3a
    SHA-256: e03076cefb041e4297abb571585cf3b68d82924716a59584f812e096b60a4276
    Size: 4.30 MB
  8. glibc-devel-2.12-1.80.AXS4.3.i686.rpm
    MD5: 441bea11c4efda3c2b1dc84635010866
    SHA-256: 85716acfff1ed86b77a67ef44511f91698b326e23cbf7da09d576b5f9c20447e
    Size: 970.15 kB