glibc-2.12-1.80.AXS4.3
Errata ID: AXSA:2012-754:05
Release date:
2012/08/20 Monday - 20:18
Title:
glibc-2.12-1.80.AXS4.3
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
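- Information on CVE-2012-3404, CVE-2012-3405, and CVE-2012-3406 has not been published at this time.
- We will update this information as soon as the CVE details are published.
Some of the translated CVE text is quoted from JVN.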
http://jvndb.jvn.jp
Solution:
Update the packages.
CVE:
CVE-2012-3404
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.
CVE-2012-3405
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Additional information:
N/A
Downloads:
SRPMS
- glibc-2.12-1.80.AXS4.3.src.rpm
Size: 15.25 MB
Asianux Server 4 for x86
- glibc-2.12-1.80.AXS4.3.i686.rpm
Size: 4.30 MB
- glibc-common-2.12-1.80.AXS4.3.i686.rpm
Size: 14.17 MB
- glibc-devel-2.12-1.80.AXS4.3.i686.rpm
Size: 970.15 kB
- glibc-headers-2.12-1.80.AXS4.3.i686.rpm
Size: 608.47 kB
- glibc-utils-2.12-1.80.AXS4.3.i686.rpm
Size: 156.60 kB
- nscd-2.12-1.80.AXS4.3.i686.rpm
Size: 206.34 kB
Asianux Server 4 for x86_64
- glibc-2.12-1.80.AXS4.3.x86_64.rpm
Size: 3.78 MB
- glibc-common-2.12-1.80.AXS4.3.x86_64.rpm
Size: 14.18 MB
- glibc-devel-2.12-1.80.AXS4.3.x86_64.rpm
Size: 969.28 kB
- glibc-headers-2.12-1.80.AXS4.3.x86_64.rpm
Size: 600.03 kB
- glibc-utils-2.12-1.80.AXS4.3.x86_64.rpm
Size: 154.78 kB
- nscd-2.12-1.80.AXS4.3.x86_64.rpm
Size: 207.28 kB
- glibc-2.12-1.80.AXS4.3.i686.rpm
Size: 4.30 MB
- glibc-devel-2.12-1.80.AXS4.3.i686.rpm
Size: 970.15 kB