glibc-2.12-1.132.AXS4
エラータID: AXSA:2014-073:01
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
Security issues fixed with this release:
• CVE-2013-0242
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
• CVE-2013-1914
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
• CVE-2013-4332
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
Fixed bugs:
• A defect in the initial release of the getaddrinfo() system call caused AF_INET and AF_INET6 queries to return names queried from the /etc/hosts file as canonical names. This behavior is incorrect but it is the expected behavior. However, a later change in the getaddrinfo() function made AF_INET6 queries return the canonical name correctly but this was unexpected by applications relying on queries from the /etc/hosts file and they could fail to operate properly. This update ensures that AF_INET6 queries resolved from /etc/hosts always return the name as canonical. A proper patch might be issued when a standard is establish. For now, the first entry on the /etc/hosts file should be considered the canonical entry.
• Previously, nscd sometimes failed to return both IPv4 and IPv6 addresses when querying for an address using the AF_UNSPEC address family, even when both IPv4 and IPv6 results existed. This has been fixed.
Update packages.
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
N/A
SRPMS
- glibc-2.12-1.132.AXS4.src.rpm
MD5: c6b4fff8f683331ddfebd3402cc235a4
SHA-256: 698a6959b0a3b3a808b04d520ed2a79c01dd8ecc56a966cadebb49780a9f77da
Size: 15.38 MB
Asianux Server 4 for x86
- glibc-2.12-1.132.AXS4.i686.rpm
MD5: 6a334e634af3eb3464f80361d011b3e9
SHA-256: ac5eb879e046534d472d9615d280969295d61a5b7a987695fddd3dafef39d4c2
Size: 4.34 MB - glibc-common-2.12-1.132.AXS4.i686.rpm
MD5: 4351978dcf54d87ead7ae3f3eaaf10e4
SHA-256: d3dbdfbb13c245fbc74173dbb43d8c774f3db94ce937852e27f9b0a2d52df800
Size: 14.18 MB - glibc-devel-2.12-1.132.AXS4.i686.rpm
MD5: 489a3a358c625ebfec3865c7d908ebbc
SHA-256: 2685059c94e60eedaaa851136cbb081db8ac5fddc15d3b37073b9e7d869cdc7d
Size: 0.95 MB - glibc-headers-2.12-1.132.AXS4.i686.rpm
MD5: 139e15eee4d6b55bdcc8fc23b67fb49f
SHA-256: f06ed890d5225bba71df39d27d73d1a14daf12eabc687b4a63d43a3ee62bb550
Size: 615.64 kB - glibc-utils-2.12-1.132.AXS4.i686.rpm
MD5: d8045b433de756e2397b8cff3f2dac85
SHA-256: dcdaf3c4b963fbcba3c3d8cd72f7468620daab9371bebdfc9803e60cc0662dc0
Size: 164.05 kB - nscd-2.12-1.132.AXS4.i686.rpm
MD5: 20882187f536b93863fe929953c6f74a
SHA-256: dcff1f07d7fcb80709920c94e49c40609064e80515fd48797be58cc54f3380ae
Size: 217.19 kB
Asianux Server 4 for x86_64
- glibc-2.12-1.132.AXS4.x86_64.rpm
MD5: e924e1ce35b5b636001f3aaebd378320
SHA-256: 76e8dc7ec7c8cf58870e283addf1020f6dcff2e1c259246d64c99345f857dccd
Size: 3.82 MB - glibc-common-2.12-1.132.AXS4.x86_64.rpm
MD5: 3b1600207b72705ba31e8dcddbb5aba1
SHA-256: 3c9de2d93e36955609934872ae853b3b8d5c41209c5d229a7398873844dd860f
Size: 14.19 MB - glibc-devel-2.12-1.132.AXS4.x86_64.rpm
MD5: c14d0258c6e97c1b5440331301d88c22
SHA-256: 76b41c7517bbaebb616c87b8db8408ca11b12627cfe2ef24d55c1d5a712395a5
Size: 0.95 MB - glibc-headers-2.12-1.132.AXS4.x86_64.rpm
MD5: ab9d14fa932b3f4b2a13b9803e95063a
SHA-256: 0709605bdd23d9a87833ad6ef89189e5e0aed3ad4689e6c691df8655cbde743f
Size: 607.48 kB - glibc-utils-2.12-1.132.AXS4.x86_64.rpm
MD5: 206730ec4e4a40c1aaa4fefd04d410e2
SHA-256: fe7062b4f3faf98b50bd2a54484e3421a243a2cbb5e9687a6ca64d2ed517906b
Size: 162.25 kB - nscd-2.12-1.132.AXS4.x86_64.rpm
MD5: 912239b0f1869965aae58ca5808d1f2a
SHA-256: eda93a4fd70adcb8e225453e636e51f360b72c1b7c0f5daad093f27736555cd9
Size: 218.50 kB - glibc-2.12-1.132.AXS4.i686.rpm
MD5: 6a334e634af3eb3464f80361d011b3e9
SHA-256: ac5eb879e046534d472d9615d280969295d61a5b7a987695fddd3dafef39d4c2
Size: 4.34 MB - glibc-devel-2.12-1.132.AXS4.i686.rpm
MD5: 489a3a358c625ebfec3865c7d908ebbc
SHA-256: 2685059c94e60eedaaa851136cbb081db8ac5fddc15d3b37073b9e7d869cdc7d
Size: 0.95 MB
日本語