SB2015030802 - Gentoo update for GNU C Library
Published: March 8, 2015 Updated: June 28, 2025
Description
This security bulletin contains information about 16 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2012-3404)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.
2) Input validation error (CVE-ID: CVE-2012-3405)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-3406)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
4) Stack-based buffer overflow (CVE-ID: CVE-2012-3480)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long string, which triggers a stack-based buffer overflow. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Heap-based buffer overflow (CVE-ID: CVE-2012-4412)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error caused by an integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier. A remote attacker can use a long string to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Stack-based buffer overflow (CVE-ID: CVE-2012-4424)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long string that triggers a malloc failure and use of the alloca function. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Input validation error (CVE-ID: CVE-2012-6656)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.
8) Buffer overflow (CVE-ID: CVE-2013-0242)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
9) Stack-based buffer overflow (CVE-ID: CVE-2013-1914)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the getaddrinfo function in sysdeps/posix/getaddrinfo.c when processing a (1) hostname or (2) IP address that triggers a large number of domain conversion results. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2207)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
11) Buffer overflow (CVE-ID: CVE-2013-4237)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
12) Resource exhaustion (CVE-ID: CVE-2013-4332)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2013-4458)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results.
14) Input validation error (CVE-ID: CVE-2013-4788)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. Additional information that was taken into consideration while scoring: https://bugzilla.redhat.com/show_bug.cgi?id=985625
15) Code Injection (CVE-ID: CVE-2014-4043)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
16) Out-of-bounds write (CVE-ID: CVE-2015-0235)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc. A remote attacker can execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function.
Remediation
Install the update from the vendor's website.