894556 – (CVE-2012-6656) VUL-1: CVE-2012-6656: glibc: crash in IBM930 decoding

Bug 894556 (CVE-2012-6656) - VUL-1: CVE-2012-6656: glibc: crash in IBM930 decoding

Summary: VUL-1: CVE-2012-6656: glibc: crash in IBM930 decoding

Status:	RESOLVED FIXED

Alias:	CVE-2012-6656

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Deadline:	2015-02-16
Assignee:	Andreas Schwab
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/105478/
Whiteboard:	maint:running:58715:important maint:r...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-09-02 07:45 UTC by Marcus Meissner
Modified:	2019-05-01 16:18 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2014-09-02 07:45:47 UTC

via oss-sec

In 2012, a crasher in IBM930 decoding was reported and fixed:

<https://sourceware.org/bugzilla/show_bug.cgi?id=14134>
<https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=6e230d11837f3a>

This change went into glibc 2.16.

Comment 1 SMASH SMASH 2014-09-02 07:50:12 UTC

Affected packages:

SLE-10-SP3-TERADATA: glibc
SLE-11-SP3: glibc, glibc.i686
SLE-11-SP3-PRODUCTS: glibc, glibc.i686
SLE-11-SP3-UPTU: glibc, glibc.i686

Comment 2 Swamp Workflow Management 2014-09-02 22:00:20 UTC

bugbot adjusting priority

Comment 5 Swamp Workflow Management 2014-09-15 17:06:34 UTC

SUSE-SU-2014:1128-1: An update that solves 6 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 779320,801246,824639,834594,839870,842291,860501,882600,892073,894553,894556
CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-4237,CVE-2013-4332,CVE-2014-4043,CVE-2014-5119
Sources used:
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    glibc-2.4-31.77.112.1

Comment 6 Swamp Workflow Management 2014-09-15 17:07:44 UTC

SUSE-SU-2014:1129-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 836746,844309,892073,894553,894556
CVE References: CVE-2012-6656,CVE-2013-4357,CVE-2014-5119,CVE-2014-6040
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    glibc-2.11.3-17.45.53.1

Comment 9 Swamp Workflow Management 2015-01-22 17:15:19 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-02-05.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60374

Comment 11 Swamp Workflow Management 2015-01-29 00:05:39 UTC

SUSE-SU-2015:0164-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 844309,888860,894553,894556,909053
CVE References: CVE-2012-6656,CVE-2013-4357,CVE-2014-6040
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    glibc-2.11.1-0.62.1

Comment 12 Swamp Workflow Management 2015-01-29 05:05:37 UTC

SUSE-SU-2015:0170-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 844309,882600,894553,894556
CVE References: CVE-2012-6656,CVE-2013-4357,CVE-2014-6040
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    glibc-2.4-31.115.2

Comment 13 Marcus Meissner 2015-01-29 07:06:54 UTC

released all of them now

Comment 14 Swamp Workflow Management 2015-02-02 13:07:57 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-02-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60512

Comment 15 Swamp Workflow Management 2015-02-11 00:05:41 UTC

SUSE-SU-2015:0253-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 864081,891843,894553,894556,903288,909053
CVE References: CVE-2012-6656,CVE-2014-6040
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    glibc-2.11.3-17.80.3
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    glibc-2.11.3-17.80.3
SUSE Linux Enterprise Server 11 SP3 (src):    glibc-2.11.3-17.80.3
SUSE Linux Enterprise Desktop 11 SP3 (src):    glibc-2.11.3-17.80.3