Описание
ELSA-2012-1097: glibc security and bug fix update (MODERATE)
[2.5-81.el5_8.4]
- Fix iconv() segfault if the invalid multibyte character 0xffff is input when converting from IBM930 (#837896)
[2.5-81.el5_8.3]
- Fix unbound alloca in vfprintf (#833720)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
glibc
2.5-81.el5_8.4
glibc-common
2.5-81.el5_8.4
glibc-devel
2.5-81.el5_8.4
glibc-headers
2.5-81.el5_8.4
glibc-utils
2.5-81.el5_8.4
nscd
2.5-81.el5_8.4
Oracle Linux x86_64
glibc
2.5-81.el5_8.4
glibc-common
2.5-81.el5_8.4
glibc-devel
2.5-81.el5_8.4
glibc-headers
2.5-81.el5_8.4
glibc-utils
2.5-81.el5_8.4
nscd
2.5-81.el5_8.4
Oracle Linux i386
glibc
2.5-81.el5_8.4
glibc-common
2.5-81.el5_8.4
glibc-devel
2.5-81.el5_8.4
glibc-headers
2.5-81.el5_8.4
glibc-utils
2.5-81.el5_8.4
nscd
2.5-81.el5_8.4
Связанные CVE
Связанные уязвимости
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.