Red Hat Local Security Checks : RedHat Update for glibc RHSA-2012:1208-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.870816

Categoría: Red Hat Local Security Checks

Título: RedHat Update for glibc RHSA-2012:1208-01

Resumen: The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'glibc'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

Multiple integer overflow flaws, leading to stack-based buffer overflows,
were found in glibc's functions for converting a string to a numeric
representation (strtod(), strtof(), and strtold()). If an application used
such a function on attacker controlled input, it could cause the
application to crash or, potentially, execute arbitrary code.
(CVE-2012-3480)

All users of glibc are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

Affected Software/OS:
glibc on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3480
1027374
http://www.securitytracker.com/id?1027374
50201
http://secunia.com/advisories/50201
50422
http://secunia.com/advisories/50422
54982
http://www.securityfocus.com/bid/54982
84710
http://osvdb.org/84710
FEDORA-2012-11927
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html
GLSA-201503-04
https://security.gentoo.org/glsa/201503-04
RHSA-2012:1207
http://rhn.redhat.com/errata/RHSA-2012-1207.html
RHSA-2012:1208
http://rhn.redhat.com/errata/RHSA-2012-1208.html
RHSA-2012:1262
http://rhn.redhat.com/errata/RHSA-2012-1262.html
RHSA-2012:1325
http://rhn.redhat.com/errata/RHSA-2012-1325.html
USN-1589-1
http://www.ubuntu.com/usn/USN-1589-1
[libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459)
http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html
[oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
http://www.openwall.com/lists/oss-security/2012/08/13/4
[oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
http://www.openwall.com/lists/oss-security/2012/08/13/6
http://sourceware.org/bugzilla/show_bug.cgi?id=14459

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.870816
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for glibc RHSA-2012:1208-01
Resumen:	The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory. Vulnerability Insight: The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. Affected Software/OS: glibc on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3480 1027374 http://www.securitytracker.com/id?1027374 50201 http://secunia.com/advisories/50201 50422 http://secunia.com/advisories/50422 54982 http://www.securityfocus.com/bid/54982 84710 http://osvdb.org/84710 FEDORA-2012-11927 http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 RHSA-2012:1207 http://rhn.redhat.com/errata/RHSA-2012-1207.html RHSA-2012:1208 http://rhn.redhat.com/errata/RHSA-2012-1208.html RHSA-2012:1262 http://rhn.redhat.com/errata/RHSA-2012-1262.html RHSA-2012:1325 http://rhn.redhat.com/errata/RHSA-2012-1325.html USN-1589-1 http://www.ubuntu.com/usn/USN-1589-1 [libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459) http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html [oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/4 [oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/6 http://sourceware.org/bugzilla/show_bug.cgi?id=14459
Copyright	Copyright (C) 2012 Greenbone AG