Test ID: 1.3.6.1.4.1.25623.1.0.881990
Category: CentOS Local Security Checks
Title: CentOS Update for glibc CESA-2014:1110 centos6
Summary: The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.

Description:

Summary: The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.

Vulnerability Insight: The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119)

A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475)

Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475.

All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at the linked references.

5. Bugs fixed:
1102353 - CVE-2014-0475 glibc: directory traversal in LC_* locale handling
1119128 - CVE-2014-5119 glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()

6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: glibc-2.5-118.el5_10.3.src.rpm
i386: glibc-2.5-118.el5_10.3.i386.rpm glibc-2.5-118.el5_10.3.i686.rpm glibc-common-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.i386.rpm glibc-headers-2.5-118.el5_10.3.i386.rpm glibc-utils-2.5-118.el5_10.3.i386.rpm nscd-2.5-118.el5_10.3.i386.rpm
x86_64: glibc-2.5-118.el5_10.3.i686.rpm glibc-2.5-118.el5_10.3.x86_64.rpm glibc-common-2.5-118.el5_10.3.x86_64.rpm glibc-debuginfo-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-2.5-118.el5_10.3.x86_64.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.x86_64.rpm glibc-headers-2 ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS: glibc on CentOS 6
Solution: Please install the updated packages.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2014-0475
  BugTraq ID: 68505 http://www.securityfocus.com/bid/68505
  Debian Security Information: DSA-2976 http://www.debian.org/security/2014/dsa-2976
  https://security.gentoo.org/glsa/201602-02
  http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
  http://www.openwall.com/lists/oss-security/2014/07/10/7
  http://www.openwall.com/lists/oss-security/2014/07/14/6
  RedHat Security Advisories: RHSA-2014:1110 https://rhn.redhat.com/errata/RHSA-2014-1110.html
  http://www.securitytracker.com/id/1030569

Common Vulnerability Exposure (CVE) ID: CVE-2014-5119
  BugTraq ID: 68983 http://www.securityfocus.com/bid/68983
  BugTraq ID: 69738 http://www.securityfocus.com/bid/69738
  Cisco Security Advisory: 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119
  Debian Security Information: DSA-3012 http://www.debian.org/security/2014/dsa-3012
  http://seclists.org/fulldisclosure/2014/Aug/69
  http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
  http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
  https://code.google.com/p/google-security-research/issues/detail?id=96
  http://www.openwall.com/lists/oss-security/2014/08/13/5
  http://www.openwall.com/lists/oss-security/2014/07/14/1
  RedHat Security Advisories: RHSA-2014:1118 http://rhn.redhat.com/errata/RHSA-2014-1118.html
  http://secunia.com/advisories/60345
  http://secunia.com/advisories/60358
  http://secunia.com/advisories/60441
  http://secunia.com/advisories/61074
  http://secunia.com/advisories/61093
  SuSE Security Announcement: SUSE-SU-2014:1125 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html
Copyright: Copyright (C) 2014 Greenbone Networks GmbH