[Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

2019-09-29 Thread Bug Watch Updater
** Changed in: fedora
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1048203

Title:
  (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer
  overflow

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/1048203/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

2017-10-28 Thread Bug Watch Updater
Launchpad has imported 7 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=855385.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2012-09-07T14:59:00+00:00 Jan wrote:

An integer overflow, leading to buffer overflow flaw was found in the
way the implementation of strcoll() routine, used to compare two strings
based on the current locale, of glibc, the GNU libc libraries, performed
calculation of memory requirements / allocation, needed for storage of
the strings. If an application linked against glibc was missing
application-level sanity checks for validity of strcoll() arguments and
accepted untrusted input, an attacker could use this flaw to cause the
particular application to crash or, potentially, execute arbitrary code
with the privileges of the user running the application.

Upstream bug report (including reproducer):
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/3
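
The class of flaw described in the comment above, as an added example (it is not glibc's code and not part of the bug report): a size computed from two string lengths wraps, and the defensive counterparts are a checked computation and an application-level length bound before strcoll(). The 32-bit width, PER_CHAR_COST, MAX_COLLATE_LEN and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumed working storage per input character; not taken from glibc. */
#define PER_CHAR_COST 5u
/* Hypothetical application limit on strings handed to strcoll(). */
#define MAX_COLLATE_LEN 4096u

/* Unchecked form: 32-bit arithmetic wraps silently, so very long inputs
   yield a small "required size" and therefore an undersized buffer. */
uint32_t scratch_size_unchecked(uint32_t len1, uint32_t len2)
{
    return (len1 + len2) * PER_CHAR_COST;
}

/* Checked form: refuse when the sum or the product is not representable. */
bool scratch_size_checked(uint32_t len1, uint32_t len2, uint32_t *out)
{
    if (len1 > UINT32_MAX - len2)
        return false;
    uint32_t total = len1 + len2;
    if (total > UINT32_MAX / PER_CHAR_COST)
        return false;
    *out = total * PER_CHAR_COST;
    return true;
}

/* True when a terminator appears within the first MAX_COLLATE_LEN + 1 bytes. */
static bool within_limit(const char *s)
{
    return memchr(s, '\0', MAX_COLLATE_LEN + 1) != NULL;
}

/* Application-level sanity check: bound both arguments before strcoll().
   Returns 0 and stores the comparison in *result, or -1 with errno = EINVAL. */
int bounded_strcoll(const char *a, const char *b, int *result)
{
    if (!within_limit(a) || !within_limit(b)) {
        errno = EINVAL;
        return -1;
    }
    *result = strcoll(a, b);
    return 0;
}
```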


On 2012-09-07T15:31:44+00:00 Jan wrote:

CVE request:
[2] http://www.openwall.com/lists/oss-security/2012/09/07/9

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/4


On 2012-09-07T15:32:49+00:00 Jan wrote:

This issue affects the versions of the glibc package, as shipped with
Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the glibc package, as shipped with
Fedora release of 16 and 17. Please schedule an update (once there is
final upstream patch available).

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/5


On 2012-09-07T15:34:15+00:00 Jan wrote:

Created glibc tracking bugs for this issue

Affects: fedora-all [bug 855399]

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/6


On 2012-09-07T17:29:07+00:00 Jan wrote:

The CVE identifier of CVE-2012-4412 has been assigned to this issue:
http://www.openwall.com/lists/oss-security/2012/09/07/12

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/7


On 2013-08-22T00:49:36+00:00 Fedora wrote:

glibc-2.17-13.fc19 has been pushed to the Fedora 19 stable repository.
If problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/14


On 2013-09-05T09:05:48+00:00 Huzaifa wrote:

Statement:

This issue affects the version of glibc as shipped with Red Hat
Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated
this issue as having moderate security impact; a future update may
address this flaw.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/15


** Changed in: fedora
   Status: Unknown => Confirmed

** Changed in: fedora
   Importance: Unknown => Medium


[Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

2015-03-12 Thread Bug Watch Updater
** Changed in: gentoo
   Status: Unknown => Fix Released



[Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

2013-11-10 Thread Bug Watch Updater
** Changed in: eglibc (Debian)
   Status: New => Fix Released



[Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

2013-10-16 Thread Seth Arnold
** Information type changed from Private Security to Public Security
