Rapid7 Vulnerability & Exploit Database

RHSA-2012:0393: glibc security and bug fix update

Back to Search

RHSA-2012:0393: glibc security and bug fix update

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
03/15/2012
Created
07/25/2018
Added
03/23/2012
Modified
07/04/2017

Description

The glibc packages provide the standard C and standard math libraries usedby multiple programs on the system. Without these libraries, the Linuxsystem cannot function correctly.An integer overflow flaw was found in the implementation of the printffunctions family. This could allow an attacker to bypass FORTIFY_SOURCEprotections and execute arbitrary code using a format string flaw inan application, even though these protections are expected to limit theimpact of such flaws to an application abort. (CVE-2012-0864)This update also fixes the following bugs:All users of glibc are advised to upgrade to these updated packages, whichcontain patches to resolve these issues.

Solution(s)

  • redhat-upgrade-glibc
  • redhat-upgrade-glibc-common
  • redhat-upgrade-glibc-debuginfo
  • redhat-upgrade-glibc-debuginfo-common
  • redhat-upgrade-glibc-devel
  • redhat-upgrade-glibc-headers
  • redhat-upgrade-glibc-static
  • redhat-upgrade-glibc-utils
  • redhat-upgrade-nscd

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;