[security-announce] eglibc: Security update

Sona Sarmadi sona.sarmadi at enea.com
Thu Feb 19 14:05:20 CET 2015


		Enea Linux Security Advisory

=========================================================
Product/package: eglibc
Severity: Important
Issue date: 2015-02-19
CVE Names:  CVE-2014-5119
=========================================================
A security patch that fixes an off-by-one heap-based buffer
overflow flaw in eglibc's internal __gconv_translit_find()
function is now available at http://linux.enea.com/4.0/patches:

README file: 0041-eglibc-CVE-2014-5119.README
Patch file:  0041-eglibc-CVE-2014-5119.patch

Description
===========
Off-by-one error in the __gconv_translit_find function in
gconv_trans.c in GNU C Library (aka glibc) allows context-dependent
attackers to cause a denial of service (crash) or execute arbitrary
code via vectors related to the CHARSET environment variable and gconv
transliteration modules.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119
https://sourceware.org/bugzilla/show_bug.cgi?id=17187

How to apply the patches
========================
- Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order.

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- Fetch and apply the new patch
wget http://linux.enea.com/4.0/patches/0041-eglibc-CVE-2014-5119.patch
patch -p1 < ./0041-eglibc-CVE-2014-5119.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
