It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). A remote attacker could provide a specially crafted sequence of format specifiers, leading to a crash or, potentially, FORTIFY_SOURCE format string protection mechanism bypass, when processed.
Created attachment 594722 [details] RHEL6 patch backports and test cases
Created attachment 594727 [details] RHEL5 patch backport and test case
Pulic now/CVEs requested via: http://www.openwall.com/lists/oss-security/2012/07/11/5
A CVE identifier of CVE-2012-3406 has been assigned to this issue.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1098 https://rhn.redhat.com/errata/RHSA-2012-1098.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1097 https://rhn.redhat.com/errata/RHSA-2012-1097.html
Created glibc tracking bugs for this issue Affects: fedora-all [bug 841318]
This issue has been addressed in following products: RHEV-H, V2V and Agents for RHEL-5 Via RHSA-2012:1185 https://rhn.redhat.com/errata/RHSA-2012-1185.html
This issue has been addressed in following products: RHEV-H and Agents for RHEL-6 Via RHSA-2012:1200 https://rhn.redhat.com/errata/RHSA-2012-1200.html