Oval Definition:oval:org.mitre.oval:def:21252
Revision Date:2014-02-24Version:35
Title:RHSA-2012:1098: glibc security and bug fix update (Moderate)
Description:The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2012:1098
CVE-2012-3404
CVE-2012-3405
CVE-2012-3406
RHSA-2012:1098-01
Platform(s):CentOS Linux 6
Red Hat Enterprise Linux 6
Product(s):glibc
Definition Synopsis
  • Redhat 6 or Centos 6 release
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • OR The operating system installed on the system is CentOS Linux 6.x
  • AND Packages section
  • glibc-devel is earlier than 0:2.12-1.80.el6_3.3
  • OR glibc-utils is earlier than 0:2.12-1.80.el6_3.3
  • OR glibc is earlier than 0:2.12-1.80.el6_3.3
  • OR nscd is earlier than 0:2.12-1.80.el6_3.3
  • OR glibc-static is earlier than 0:2.12-1.80.el6_3.3
  • OR glibc-common is earlier than 0:2.12-1.80.el6_3.3
  • OR glibc-headers is earlier than 0:2.12-1.80.el6_3.3
    • BACK