SUSE-SU-2015:0170-1: moderate: Security update for glibc

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Jan 28 22:04:52 MST 2015


   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0170-1
Rating:             moderate
References:         #844309 #882600 #894553 #894556 
Cross-References:   CVE-2012-6656 CVE-2013-4357 CVE-2014-6040
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:


   glibc has been updated to fix security issues:

       * Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
         CVE-2012-6656, bsc#894553, bsc#894556, GLIBC BZ #17325, GLIBC BZ
         #14134)
       * Fixed a stack overflow during hosts parsing (CVE-2013-4357)
       * Copy filename argument in posix_spawn_file_actions_addopen
         (CVE-2014-4043, bsc#882600, BZ #17048)

   Security Issues:

       * CVE-2014-6040
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040>
       * CVE-2012-6656
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656>
       * CVE-2013-4357
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357>



Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 i686 s390x x86_64):

      glibc-2.4-31.115.2
      glibc-devel-2.4-31.115.2

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      glibc-html-2.4-31.115.2
      glibc-i18ndata-2.4-31.115.2
      glibc-info-2.4-31.115.2
      glibc-locale-2.4-31.115.2
      glibc-profile-2.4-31.115.2
      nscd-2.4-31.115.2

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

      glibc-32bit-2.4-31.115.2
      glibc-devel-32bit-2.4-31.115.2
      glibc-locale-32bit-2.4-31.115.2
      glibc-profile-32bit-2.4-31.115.2


References:

   http://support.novell.com/security/cve/CVE-2012-6656.html
   http://support.novell.com/security/cve/CVE-2013-4357.html
   http://support.novell.com/security/cve/CVE-2014-6040.html
   https://bugzilla.suse.com/show_bug.cgi?id=844309
   https://bugzilla.suse.com/show_bug.cgi?id=882600
   https://bugzilla.suse.com/show_bug.cgi?id=894553
   https://bugzilla.suse.com/show_bug.cgi?id=894556
   http://download.suse.com/patch/finder/?keywords=1ccbe69cba5cc8835258525263c85657



More information about the sle-security-updates mailing list