Rapid7 Vulnerability & Exploit Database

RHSA-2012:0397: glibc security update

Back to Search

RHSA-2012:0397: glibc security update

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
03/19/2012
Created
07/25/2018
Added
03/30/2012
Modified
07/04/2017

Description

The glibc packages provide the standard C and standard math libraries usedby multiple programs on the system. Without these libraries, the Linuxsystem cannot function correctly.An integer overflow flaw was found in the implementation of the printffunctions family. This could allow an attacker to bypass FORTIFY_SOURCEprotections and execute arbitrary code using a format string flaw in anapplication, even though these protections are expected to limit the impactof such flaws to an application abort. (CVE-2012-0864)All users of glibc are advised to upgrade to these updated packages, whichcontain a patch to resolve this issue.

Solution(s)

  • redhat-upgrade-glibc
  • redhat-upgrade-glibc-common
  • redhat-upgrade-glibc-debuginfo
  • redhat-upgrade-glibc-debuginfo-common
  • redhat-upgrade-glibc-devel
  • redhat-upgrade-glibc-headers
  • redhat-upgrade-glibc-utils
  • redhat-upgrade-nscd

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;