Errata ID | 309 |
---|---|
Date | 2015-03-25 |
Source package | eglibc |
Fixed in version | 2.11.3-4.23.201503110900 |
Description | Multiple vulnerabilities have been found in eglibc: * Incorrect memory management using alloca() (CVE-2012-3405, CVE-2012-3406) * Integer overflows in strto() (CVE-2012-3480) * Stack overflow in strcoll() (CVE-2012-4424) * Integer overflow in strcoll() (CVE-2012-4412) * Denial of service when processing regular expressions with multibyte characters (CVE-2013-0242) * Stack overflow in getaddrinfo() (CVE-2013-1914) * PTR_MANGLE encrypts pointers as a countermeasure against buffer overflows. When linking statically, this mangling didn't work correctly (CVE-2013-4788) * Missing sanitising for path length in readdir_r() (CVE-2013-4237) * Multiple integer overflows in pvalloc(), valloc() and posix_memalign()/memalign()/aligned_alloc() (CVE-2013-4332) * Stack overflow in getaddrinfo() (CVE-2013-4357) * Stack frame overflow in getaddrinfo() for IPv6 sockets (CVE-2013-4458) * posix_spawn_file_actions_addopen() fails to copy the path argument (CVE-2014-4043) * During high load, getaddrinfo() may send DNS queries to random fds (CVE-2013-7423) * Memory corruption in getaddrinfo() if the AI_IDN flag is used (CVE-2013-7424) |
Additional notes | |
CVE ID | CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 CVE-2012-4424 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-4788 CVE-2013-4237 CVE-2013-4332 CVE-2013-4357 CVE-2013-4458 CVE-2014-4043 CVE-2013-7423 CVE-2013-7424 |
UCS Bug number | #37644 |