Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1135841 - (CVE-2014-6040) CVE-2014-6040 glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
CVE-2014-6040 glibc: crash in code page decoding functions (IBM933, IBM935, I...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20140828,repor...
: Security
Depends On: 1127381 1135842 1139571 1140474 1172044
Blocks: 1121513 1135843 1157695
  Show dependency treegraph
 
Reported: 2014-08-31 22:28 EDT by Murray McAllister
Modified: 2015-07-31 03:25 EDT (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-06 05:34:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Sourceware 17325 None None None Never
Red Hat Product Errata RHSA-2015:0016 normal SHIPPED_LIVE Moderate: glibc security and bug fix update 2015-01-07 17:17:41 EST
Red Hat Product Errata RHSA-2015:0327 normal SHIPPED_LIVE Moderate: glibc security and bug fix update 2015-03-05 07:10:38 EST

  None (edit)
Description Murray McAllister 2014-08-31 22:28:05 EDT 
Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364):

https://sourceware.org/bugzilla/show_bug.cgi?id=17325
https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html

Florian Weimer noted:

"These crashers are out-of-bounds reads at a fixed offset relative to the data segment of a DSO, and in all cases I've seen, they were right in the middle of an unmapped segment of the same DSO. This means that these bugs are just crashers, but they can still result in denial-of-service conditions."

Reference:

http://seclists.org/oss-sec/2014/q3/466
Comment 1 Murray McAllister 2014-08-31 22:28:52 EDT 
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1135842]
Comment 2 Murray McAllister 2014-09-02 02:02:01 EDT 
MITRE assigned CVE-2014-6040 to these issues:

http://www.openwall.com/lists/oss-security/2014/09/02/1
Comment 4 Florian Weimer 2014-09-04 14:10:51 EDT 
Possible mitigation: Remove the DSOs with the affected gconv modules if they are not needed:

/usr/lib/gconv/IBM932.so
/usr/lib/gconv/IBM933.so
/usr/lib/gconv/IBM935.so
/usr/lib/gconv/IBM937.so
/usr/lib/gconv/IBM939.so
/usr/lib/gconv/IBM1364.so
/usr/lib/gconv/IBM1371.so
/usr/lib/gconv/IBM1388.so
/usr/lib/gconv/IBM1390.so
/usr/lib/gconv/IBM1399.so

/usr/lib64/gconv/IBM932.so
/usr/lib64/gconv/IBM933.so
/usr/lib64/gconv/IBM935.so
/usr/lib64/gconv/IBM937.so
/usr/lib64/gconv/IBM939.so
/usr/lib64/gconv/IBM1364.so
/usr/lib64/gconv/IBM1371.so
/usr/lib64/gconv/IBM1388.so
/usr/lib64/gconv/IBM1390.so
/usr/lib64/gconv/IBM1399.so

IBM930 is not affected (see https://bugzilla.redhat.com/show_bug.cgi?id=1135840).
Comment 7 Florian Weimer 2014-11-14 08:26:28 EST 
Upstream commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=41488498b6
Comment 8 Huzaifa S. Sidhpurwala 2014-11-27 00:19:46 EST 
Statement:

This issue affects the version of glibc package as shipped with Red Hat Enterprise Linux 5.

Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata
Comment 14 errata-xmlrpc 2015-01-07 12:18:08 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:0016 https://rhn.redhat.com/errata/RHSA-2015-0016.html
Comment 15 Fedora Update System 2015-03-04 05:25:25 EST 
glibc-2.18-19.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 errata-xmlrpc 2015-03-05 02:18:07 EST 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0327 https://rhn.redhat.com/errata/RHSA-2015-0327.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.