glibc-2.12-1.80.AXS4.3

エラータID: AXSA:2012-754:05

リリース日: 
2012/08/20 Monday - 20:18
題名: 
glibc-2.12-1.80.AXS4.3
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]

- 現時点では CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 の情報が公開されておりません。
- CVEの情報が公開され次第情報をアップデートいたします。

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2012-3404
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.
CVE-2012-3405
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.




追加情報: 

N/A

ダウンロード: 

SRPMS
  1. glibc-2.12-1.80.AXS4.3.src.rpm
    MD5: 2a75ea9b89945c2b9e3ca2d320c1b36f
    SHA-256: 4a1e775738204e9540b67224c55e7a4dc66721c54ba325176f337bd9e6df898f
    Size: 15.25 MB

Asianux Server 4 for x86
  1. glibc-2.12-1.80.AXS4.3.i686.rpm
    MD5: a4cedde3649e46d0b52fe7c77706bb3a
    SHA-256: e03076cefb041e4297abb571585cf3b68d82924716a59584f812e096b60a4276
    Size: 4.30 MB
  2. glibc-common-2.12-1.80.AXS4.3.i686.rpm
    MD5: 463ead2d832afdad2de8c8a20fa69bcd
    SHA-256: 04f71957bcd84d48d3f9f7197834e6681347aa8279c92a5fab8e3ec15762bfe1
    Size: 14.17 MB
  3. glibc-devel-2.12-1.80.AXS4.3.i686.rpm
    MD5: 441bea11c4efda3c2b1dc84635010866
    SHA-256: 85716acfff1ed86b77a67ef44511f91698b326e23cbf7da09d576b5f9c20447e
    Size: 970.15 kB
  4. glibc-headers-2.12-1.80.AXS4.3.i686.rpm
    MD5: 5e27b8971a25b425134b02d76f7fc576
    SHA-256: 6bfa8ceaaa5e1db74c42bc1e98fc3429f577779036f48b29466bd134a58726ce
    Size: 608.47 kB
  5. glibc-utils-2.12-1.80.AXS4.3.i686.rpm
    MD5: 56a99b06468fd9dc08bd43cac8076437
    SHA-256: d9c202b36f1971a2754038ccfd0b393bb14c7aaf2e68453c75766838b3010384
    Size: 156.60 kB
  6. nscd-2.12-1.80.AXS4.3.i686.rpm
    MD5: 95225ea09db46317c3e7276b9f66f210
    SHA-256: 235ee1d494f33035ab0d013050ea3994fcb073f49a1003db36d947922f7ccc57
    Size: 206.34 kB

Asianux Server 4 for x86_64
  1. glibc-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 38b06d31a3702d64641c5563d1d2c0f2
    SHA-256: 51045e8278cbcc014f0eabb23c824b9dac7bafb9d8de63304834cc3a592a6fe9
    Size: 3.78 MB
  2. glibc-common-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 5a0a9e54cce6b140a84ae7e5c77404de
    SHA-256: 672faac03dc0cd2cd7005ca6cfbab576c4b1ae5c261455ce8b353a72af1ce46d
    Size: 14.18 MB
  3. glibc-devel-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 108c3aa857666cf2fdc63f532b281e0a
    SHA-256: 43f455faf5bc6752d4370268f44d083fca74ab8e8e5bfbb338adb05af6980a33
    Size: 969.28 kB
  4. glibc-headers-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 6cce49bb12f1b889377b6101a6ad5cb5
    SHA-256: 9f72ff3af9e026a1fcb3feb9f6abdf001319667ea6141b5bc1e38cdc85a223fc
    Size: 600.03 kB
  5. glibc-utils-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: b6d0c5e437c8814596f2adf639158f2f
    SHA-256: bc1e46d6c83c533c10a7f03f04ae7fd409d5b10c6a7f1ba82b1b48d481831f85
    Size: 154.78 kB
  6. nscd-2.12-1.80.AXS4.3.x86_64.rpm
    MD5: 6e892d1e22b26d68446383413b2dc680
    SHA-256: 78a4e8e9ab5ec0356ecd359bc6ec4e9d246e6bc299eed5f114c5ed42640963cb
    Size: 207.28 kB
  7. glibc-2.12-1.80.AXS4.3.i686.rpm
    MD5: a4cedde3649e46d0b52fe7c77706bb3a
    SHA-256: e03076cefb041e4297abb571585cf3b68d82924716a59584f812e096b60a4276
    Size: 4.30 MB
  8. glibc-devel-2.12-1.80.AXS4.3.i686.rpm
    MD5: 441bea11c4efda3c2b1dc84635010866
    SHA-256: 85716acfff1ed86b77a67ef44511f91698b326e23cbf7da09d576b5f9c20447e
    Size: 970.15 kB