Bug 1007545 (CVE-2013-4332)
Summary: | CVE-2013-4332 glibc: three integer overflows in memory allocator | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | ashankar, codonell, fweimer, jakub, jkurik, law, mfranc, pfrankli, pfrields, schwab, spoyarek |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-22 06:06:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1008298, 1008299, 1008310, 1011804, 1011805 | ||
Bug Blocks: | 974906, 1007547 |
Description
Vincent Danen
2013-09-12 18:06:03 UTC
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1008299] The glibc team is aware of this bug and will be backporting the upstream fixes. glibc-2.18-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. glibc-2.17-18.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1411 https://rhn.redhat.com/errata/RHSA-2013-1411.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1605 https://rhn.redhat.com/errata/RHSA-2013-1605.html |