glibc-2.12-1.7.AXS4.5
Errata ID: AXSA:2011-142:02
Release date:
2011/04/11 Monday - 12:29
Title:
glibc-2.12-1.7.AXS4.5
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
Security issues fixed with this release:
CVE-2011-0536
CVE-2011-1071
CVE-2011-1095
No information was available at the time of writing; please refer to the CVE links below.
Solution:
Update packages.
CVE:
CVE-2011-0536
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.
CVE-2011-1071
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
CVE-2011-1095
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.
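CVE-2011-1095 above turns on unquoted output reaching `eval`. The following is an added example, not part of this advisory or of glibc: it shows script-side single-quoting that keeps a value as data when it is evaluated. The names `emit_var`, `roundtrip`, `LC_DEMO`, `MARK` and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: single-quote a value so that eval treats it as data.

# emit_var NAME VALUE -> prints NAME='VALUE', escaping embedded single quotes.
emit_var() {
    name=$1
    value=$2
    # Accept only plain identifiers as variable names.
    case $name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    # Turn each ' into '\'' (close quote, escaped quote, reopen quote).
    escaped=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
    printf "%s='%s'\n" "$name" "$escaped"
}

# roundtrip VALUE -> evals the quoted assignment in a subshell and prints
# what ended up in the variable; fails if anything besides the assignment ran.
roundtrip() {
    (
        unset MARK
        eval "$(emit_var LC_DEMO "$1")"
        # MARK is still unset only if the value was treated purely as data.
        [ -z "${MARK+set}" ] || exit 2
        printf '%s' "$LC_DEMO"
    )
}

# Constructed sample: a locale-like value carrying quotes and separators.
SAMPLE="en_US.UTF-8'; MARK=1; '"
```
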
Additional information:
N/A
Downloads:
SRPMS
- glibc-2.12-1.7.AXS4.5.src.rpm
MD5: 70a181ce7c09b21539415aa89e8ce0f0
SHA-256: a369acc66478a24cabb70c5aecb3dc1b7da58abe4aec688c5c3f1bb9e9e60d69
Size: 15.06 MB
Asianux Server 4 for x86
- glibc-2.12-1.7.AXS4.5.i686.rpm
MD5: 06ab25cfe90cf7ef2fc2410b12b5562c
SHA-256: b9b99ef4428d5e8471ff6c200db82eb95bb796d08e4892380e6a8d49e8679521
Size: 4.26 MB
- glibc-common-2.12-1.7.AXS4.5.i686.rpm
MD5: 36a7a7712ea5671423cca722c8680cee
SHA-256: 754a5bb2e7e94d3711366e36816907e1a898bd6971256c72145197c9345e296d
Size: 14.11 MB
- glibc-devel-2.12-1.7.AXS4.5.i686.rpm
MD5: dfa6ebd26914bfdaea87c4922153823a
SHA-256: 2a14b79cb702d5382c956f703cb5e58016f37bfd6c67b629d23e5e338466595a
Size: 960.76 kB
- glibc-headers-2.12-1.7.AXS4.5.i686.rpm
MD5: b3609fb4e0dee8703a93235a66a0760b
SHA-256: 78f89612f8489ebbd668527e78cd4bc05bb786e9acddfb2efcc8d12337d43e0c
Size: 599.45 kB
- glibc-utils-2.12-1.7.AXS4.5.i686.rpm
MD5: b3927071175947c2a8f6b00f274cbbbf
SHA-256: fe6307003a7d8c552943a7a6eed77590ee8dd911736af40bfc94f98e7142689b
Size: 155.21 kB
- nscd-2.12-1.7.AXS4.5.i686.rpm
MD5: c341a8da6a7d34196ea546735914f0e5
SHA-256: 857ad9ed347e04a3122298dbd5ad434b23142e5eb4764b895462c79679a67998
Size: 196.36 kB
Asianux Server 4 for x86_64
- glibc-2.12-1.7.AXS4.5.x86_64.rpm
MD5: cc0d8d4710696eecec0c8260c1acec44
SHA-256: d67d5959ef544d4ce94448c6560aed04bb9b54406413b0e218bd12054d0b6fc2
Size: 3.74 MB
- glibc-common-2.12-1.7.AXS4.5.x86_64.rpm
MD5: 0cbb47f8109983fb63628af9f7b0bb81
SHA-256: 028c2c61021b7e7cefb7445c92857ce59c08257687acfdca2ba8276bc72a2edf
Size: 14.12 MB
- glibc-devel-2.12-1.7.AXS4.5.x86_64.rpm
MD5: 4b558d61c3e3ef7e725fb4af3176f200
SHA-256: 15047997c915f6d643787d76af37eb11119f44b9ea2acf204db3095065599aa2
Size: 959.93 kB
- glibc-headers-2.12-1.7.AXS4.5.x86_64.rpm
MD5: c6418cb1caa163ce5af482f860f39c49
SHA-256: e12bf330da9d4f0a76c7d80aef1d8a823f5aed7d8fb24210af565fb092c73075
Size: 590.90 kB
- glibc-utils-2.12-1.7.AXS4.5.x86_64.rpm
MD5: 2ebc20d7fb1b4026b0f5eaa42e6934f2
SHA-256: 21add50c150f3292968a89c75dedea6e760aaf015ca8695de689bcbc7ae2ae72
Size: 153.84 kB
- nscd-2.12-1.7.AXS4.5.x86_64.rpm
MD5: 256b3fc507bf51765cde2d5b2ab240b1
SHA-256: dcf844bfd552ab954c773d8497dff6e95f2d539f5d25a2c2cba809e4b262cdf2
Size: 197.21 kB
- glibc-2.12-1.7.AXS4.5.i686.rpm
MD5: 06ab25cfe90cf7ef2fc2410b12b5562c
SHA-256: b9b99ef4428d5e8471ff6c200db82eb95bb796d08e4892380e6a8d49e8679521
Size: 4.26 MB
- glibc-devel-2.12-1.7.AXS4.5.i686.rpm
MD5: dfa6ebd26914bfdaea87c4922153823a
SHA-256: 2a14b79cb702d5382c956f703cb5e58016f37bfd6c67b629d23e5e338466595a
Size: 960.76 kB