Slackware Local Security Checks : Slackware: Security Advisory (SSA:2012-041-03)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.71964

Kategorie: Slackware Local Security Checks

Titel: Slackware: Security Advisory (SSA:2012-041-03)

Zusammenfassung: The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2012-041-03 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2012-041-03 advisory.

Vulnerability Insight:
New glibc packages are available for Slackware 13.1, 13.37, and -current to
fix a security issue.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/glibc-2.13-i486-5_slack13.37.txz: Rebuilt.
Patched an overflow in tzfile. This was evidently first reported in
2009, but is only now getting around to being patched. To exploit it,
one must be able to write beneath /usr/share/zoneinfo, which is usually
not possible for a normal user, but may be in the case where they are
chroot()ed to a directory that they own.
For more information, see:
[link moved to references]
(* Security fix *)
patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz: Rebuilt.
patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz: Rebuilt.
(* Security fix *)
patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz: Rebuilt.
(* Security fix *)
patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz: Rebuilt.
+--------------------------+

Affected Software/OS:
'glibc' package(s) on Slackware 13.1, Slackware 13.37, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-5029
20111203 VSFTPD Remote Heap Overrun (low severity)
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
[libc-alpha] 20111215 integer overflow to heap overrun exploit in glibc
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2
https://bugzilla.redhat.com/show_bug.cgi?id=761245

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.71964
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2012-041-03)
Zusammenfassung:	The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2012-041-03 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2012-041-03 advisory. Vulnerability Insight: New glibc packages are available for Slackware 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/glibc-2.13-i486-5_slack13.37.txz: Rebuilt. Patched an overflow in tzfile. This was evidently first reported in 2009, but is only now getting around to being patched. To exploit it, one must be able to write beneath /usr/share/zoneinfo, which is usually not possible for a normal user, but may be in the case where they are chroot()ed to a directory that they own. For more information, see: [link moved to references] (* Security fix ) patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz: Rebuilt. patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz: Rebuilt. ( Security fix ) patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz: Rebuilt. ( Security fix *) patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz: Rebuilt. +--------------------------+ Affected Software/OS: 'glibc' package(s) on Slackware 13.1, Slackware 13.37, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5029 20111203 VSFTPD Remote Heap Overrun (low severity) http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html [libc-alpha] 20111215 integer overflow to heap overrun exploit in glibc http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/ http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2 https://bugzilla.redhat.com/show_bug.cgi?id=761245
Copyright	Copyright (C) 2012 Greenbone AG