You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa glibc

Sigurnosni nedostaci programskog paketa glibc

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2014-08-28 14:38:55

Name : glibc
Product : Fedora 20
Version : 2.18
Release : 14.fc20
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

Update Information:

* Locale names, including those obtained from environment variables (LANG and the LC_* variables), are more tightly checked for proper syntax. setlocale will now fail (with EINVAL) for locale names that are overly long, contain slashes without starting with a slash, or contain “..” path components. (CVE-2014-0475) Previously, some valid locale names were silently replaced with the “C” locale when running in AT_SECURE mode (e.g., in a SUID program). This is no longer necessary because of the additional checks.

* Support for loadable gconv transliteration modules has been removed because it did not work at all. Regular gconv conversion modules are still supported. (CVE-2014-5119)

* Tue Aug 26 2014 Siddhesh Poyarekar <> – 2.18-14
– Remove gconv transliteration loadable modules support (CVE-2014-5119,
– _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
* Thu Feb 6 2014 Siddhesh Poyarekar <> – 2.18-13
– Add pointer mangling support for ARM (#1019452).
* Thu Jan 23 2014 Siddhesh Poyarekar <> – 2.18-12
– Use first name entry for address in /etc/hosts as the canonical name
in getaddrinfo (#1047979).
– Fix parsing of 0e+0 as float (#1055613).

[ 1 ] Bug #1129743 – CVE-2014-5119 glibc: out-of-bounds NUL write in iconv_open
[ 2 ] Bug #1102353 – CVE-2014-0475 glibc: directory traversal in LC_* locale handling

This update can be installed with the “yum” update program. Use
su -c ‘yum update glibc’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarko Stanec
Cert idNCERT-REF-2014-08-0007-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa gtk3

Otkriven je sigurnosni nedostatak u programskom paketu gtk3 za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje preuzimanje zaključane sesije....