Bugzilla – Bug 894553
VUL-1: CVE-2014-6040: glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
Last modified: 2019-05-01 16:18:26 UTC
via oss-sec
  https://sourceware.org/bugzilla/show_bug.cgi?id=17325
  https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
  Florian Weimer noted:
  "These crashers are out-of-bounds reads at a fixed offset relative to the data segment of a DSO, and in all cases I've seen, they were right in the middle of an unmapped segment of the same DSO. This means that these bugs are just crashers, but they can still result in denial-of-service conditions."
  Reference: http://seclists.org/oss-sec/2014/q3/466
  References: https://bugzilla.redhat.com/show_bug.cgi?id=1135841
Affected packages:
  SLE-10-SP3-TERADATA: glibc
  SLE-11-SP3: glibc
  SLE-11-SP3-PRODUCTS: glibc
  SLE-11-SP3-UPTU: glibc
This is an autogenerated message for OBS integration:
  This bug (894553) was mentioned in
  https://build.opensuse.org/request/show/247224 Factory / glibc
bugbot adjusting priority
openSUSE-SU-2014:1115-1: An update that fixes three vulnerabilities is now available.
  Category: security (important)
  Bug References: 887022,892073,894553
  CVE References: CVE-2014-0475,CVE-2014-5119,CVE-2014-6040
  Sources used:
    openSUSE 13.1 (src): glibc-2.18-4.21.1, glibc-testsuite-2.18-4.21.2, glibc-utils-2.18-4.21.1
    openSUSE 12.3 (src): glibc-2.17-4.13.1, glibc-testsuite-2.17-4.13.2, glibc-utils-2.17-4.13.1
SUSE-SU-2014:1128-1: An update that solves 6 vulnerabilities and has 5 fixes is now available.
  Category: security (important)
  Bug References: 779320,801246,824639,834594,839870,842291,860501,882600,892073,894553,894556
  CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-4237,CVE-2013-4332,CVE-2014-4043,CVE-2014-5119
  Sources used:
    SUSE Linux Enterprise Server 10 SP3 LTSS (src): glibc-2.4-31.77.112.1
SUSE-SU-2014:1129-1: An update that solves four vulnerabilities and has one errata is now available.
  Category: security (important)
  Bug References: 836746,844309,892073,894553,894556
  CVE References: CVE-2012-6656,CVE-2013-4357,CVE-2014-5119,CVE-2014-6040
  Sources used:
    SUSE Linux Enterprise Server 11 SP2 LTSS (src): glibc-2.11.3-17.45.53.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-02-05. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60374
SUSE-SU-2015:0164-1: An update that solves three vulnerabilities and has two fixes is now available.
  Category: security (moderate)
  Bug References: 844309,888860,894553,894556,909053
  CVE References: CVE-2012-6656,CVE-2013-4357,CVE-2014-6040
  Sources used:
    SUSE Linux Enterprise Server 11 SP1 LTSS (src): glibc-2.11.1-0.62.1
SUSE-SU-2015:0170-1: An update that solves three vulnerabilities and has one errata is now available.
  Category: security (moderate)
  Bug References: 844309,882600,894553,894556
  CVE References: CVE-2012-6656,CVE-2013-4357,CVE-2014-6040
  Sources used:
    SUSE Linux Enterprise Server 10 SP4 LTSS (src): glibc-2.4-31.115.2
released all of them now.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-02-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60512
SUSE-SU-2015:0253-1: An update that solves two vulnerabilities and has four fixes is now available.
  Category: security (moderate)
  Bug References: 864081,891843,894553,894556,903288,909053
  CVE References: CVE-2012-6656,CVE-2014-6040
  Sources used:
    SUSE Linux Enterprise Software Development Kit 11 SP3 (src): glibc-2.11.3-17.80.3
    SUSE Linux Enterprise Server 11 SP3 for VMware (src): glibc-2.11.3-17.80.3
    SUSE Linux Enterprise Server 11 SP3 (src): glibc-2.11.3-17.80.3
    SUSE Linux Enterprise Desktop 11 SP3 (src): glibc-2.11.3-17.80.3