glibc-2.12-1.209.AXS4

エラータID: AXSA:2017-1373:01

Release date: 
Wednesday, March 22, 2017 - 23:09
Subject: 
glibc-2.12-1.209.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

Security issues fixed with this release:

CVE-2014-9761
Multiple stack-based buffer overflows in the GNU C Library (aka glibc
or libc6) before 2.23 allow context-dependent attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via a long argument to the (1) nan, (2) nanf, or (3) nanl
function.
CVE-2015-8776
The strftime function in the GNU C Library (aka glibc or libc6) before
2.23 allows context-dependent attackers to cause a denial of service
(application crash) or possibly obtain sensitive information via an
out-of-range time value.
CVE-2015-8778
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23
allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via the size
argument to the __hcreate_r function, which triggers out-of-bounds
heap-memory access.
CVE-2015-8779
Stack-based buffer overflow in the catopen function in the GNU C
Library (aka glibc or libc6) before 2.23 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long catalog name.

Additional Changes:

Solution: 

Update package.

CVEs: 
CVE-2014-9761
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-2015-8776
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2015-8778
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
CVE-2015-8779
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
Additional Info: 

N/A

Download: 

SRPMS
  1. glibc-2.12-1.209.AXS4.src.rpm
    MD5: 7d31f1e1514fa672fa9197a01be82ca7
    SHA-256: 3d6b8463f63dc882fe925e6d9f8988d0a6d363e38ab88d923989475eda810d1b
    Size: 15.98 MB

Asianux Server 4 for x86
  1. glibc-2.12-1.209.AXS4.i686.rpm
    MD5: 7d281ce27051b079ea21ccf0b5f88de0
    SHA-256: 691601bc7b18c90b2d739fdeff2a6a069e8b6414f5f8878a5d282be25702813d
    Size: 4.36 MB
  2. glibc-common-2.12-1.209.AXS4.i686.rpm
    MD5: cf7f3bb419c95494475bd5f905331894
    SHA-256: 0be862bf90291fd5cde2fbc15521c24566c8d243a786e59e6a49391af4ec8a4e
    Size: 14.22 MB
  3. glibc-devel-2.12-1.209.AXS4.i686.rpm
    MD5: 90235ba164cec6722dab2fa7dcbf0fc3
    SHA-256: 8cf6326a04a02b978268ad3fd4b2920805cee065fe98e1c3d9b0fd4c4dfe272b
    Size: 0.97 MB
  4. glibc-headers-2.12-1.209.AXS4.i686.rpm
    MD5: 4f6c78864c0536c77caaf04ebe879d85
    SHA-256: 4797ebab69b96ca0b5d34bd57978860ac82c5ee36d9d661d4236f896f4b44f30
    Size: 626.92 kB
  5. glibc-utils-2.12-1.209.AXS4.i686.rpm
    MD5: 934be0fd9d3c5c2e88f1dcc8a4ba4a56
    SHA-256: 1b196c169ce769b512c7c447aa0117cfe7595edc455640eeaa8dc9172f7688bd
    Size: 175.09 kB
  6. nscd-2.12-1.209.AXS4.i686.rpm
    MD5: d2f5b3a29965448963ca03bf62111326
    SHA-256: 8b7d669525ad492e98accccee6344415bbd7d612a516c4d84930ac4d13ed1a2f
    Size: 229.75 kB

Asianux Server 4 for x86_64
  1. glibc-2.12-1.209.AXS4.x86_64.rpm
    MD5: ec11ad04a2a9c91d9a68ccea1e29f168
    SHA-256: d13ddefa2525797e0e030e01c44d8828aaa22c01dbc43e33a93445f029db4bde
    Size: 3.82 MB
  2. glibc-common-2.12-1.209.AXS4.x86_64.rpm
    MD5: 816a0795e3705470f029b2e250bd02ce
    SHA-256: 40dc6ae265de11035ac442801d095ca72bd21862eb5d69650e4150bdff97dbb0
    Size: 14.23 MB
  3. glibc-devel-2.12-1.209.AXS4.x86_64.rpm
    MD5: 0b851fe7cde37b8de7cf6045b8f5737b
    SHA-256: 34e2c32759265c08ef8e151a0834a4113d4e90d1dc8d8bfc0326c7208079b738
    Size: 0.97 MB
  4. glibc-headers-2.12-1.209.AXS4.x86_64.rpm
    MD5: 74bd25014f25bed2e344a01ccb2234f6
    SHA-256: b23afcf1b0fed45e4dc6e79cfa57a516c56d2ed8e9e2362644b72909930913ee
    Size: 618.52 kB
  5. glibc-utils-2.12-1.209.AXS4.x86_64.rpm
    MD5: 5862171b812008cee0c19d37e0bbc906
    SHA-256: 90cae92c1db0abfd715248cd43b178eb6c953b8820add341c3ae446d918506ae
    Size: 173.04 kB
  6. nscd-2.12-1.209.AXS4.x86_64.rpm
    MD5: 5c0143056e3afdf65c46f4994ad0a301
    SHA-256: 16dc5995182f205fdd642ce61ffef3ca223b0d401020bc129e8299d5f467f56e
    Size: 230.96 kB
  7. glibc-2.12-1.209.AXS4.i686.rpm
    MD5: 7d281ce27051b079ea21ccf0b5f88de0
    SHA-256: 691601bc7b18c90b2d739fdeff2a6a069e8b6414f5f8878a5d282be25702813d
    Size: 4.36 MB
  8. glibc-devel-2.12-1.209.AXS4.i686.rpm
    MD5: 90235ba164cec6722dab2fa7dcbf0fc3
    SHA-256: 8cf6326a04a02b978268ad3fd4b2920805cee065fe98e1c3d9b0fd4c4dfe272b
    Size: 0.97 MB