MDVSA-2013:284 -- Mandriva glibc
ID: oval:org.secpod.oval:def:1300246 | Date: (C) 2013-12-10 (M) 2023-12-07 | Class: PATCH | Family: unix
Multiple vulnerabilities were found and corrected in glibc:

Integer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

Multiple integer overflows in malloc/malloc.c in the GNU C Library 2.18 and earlier allow context-dependent attackers to cause a denial of service via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions.

A stack overflow flaw, which led to a denial of service, was found in the way glibc's getaddrinfo function processed certain requests when called with AF_INET6. This is a flaw similar to CVE-2013-1914, but it affects AF_INET6 rather than AF_UNSPEC.

The PTR_MANGLE implementation in the GNU C Library 2.4, 2.17, and earlier, and Embedded GLIBC does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

The updated packages have been patched to correct these issues.
Platform: Mandriva Enterprise Server 5.2