[Touch-packages] [Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

2019-09-29 Thread Bug Watch Updater
** Changed in: fedora
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1048203

Title:
  (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer
  overflow

Status in GLibC:
  Fix Released
Status in eglibc package in Ubuntu:
  Fix Released
Status in eglibc package in Debian:
  Fix Released
Status in Fedora:
  Won't Fix
Status in Gentoo Linux:
  Fix Released

Bug description:
  An integer overflow, leading to buffer overflow flaw was found in the
  way the implementation of strcoll() routine, used to compare two
  strings based on the current locale, of glibc, the GNU libc libraries,
  performed calculation of memory requirements / allocation, needed for
  storage of the strings. If an application linked against glibc was
  missing application-level sanity checks for validity of strcoll()
  arguments and accepted untrusted input, an attacker could use this
  flaw to cause the particular application to crash or, potentially,
  execute arbitrary code with the privileges of the user running the
  application.

  Upstream bug report (including reproducer):
  [1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/1048203/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
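
An added example, not part of the bug report or of glibc: one form the application-level sanity check mentioned in the bug description could take, next to an overflow-checked version of a size calculation of the kind the description says went wrong. The 4096-byte limit, the per-character factor and the function names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical application policy: longest untrusted string we collate. */
#define MAX_COLLATE_LEN 4096u
/* Assumed per-character scratch cost, for illustration only. */
#define PER_CHAR_BYTES (sizeof(int32_t) + 1)

/* Overflow-checked (a + b) * per_char; returns -1 instead of wrapping. */
int scratch_size(size_t a, size_t b, size_t per_char, size_t *out)
{
    if (a > SIZE_MAX - b)
        return -1;                      /* a + b would wrap */
    if (per_char != 0 && a + b > SIZE_MAX / per_char)
        return -1;                      /* the product would wrap */
    *out = (a + b) * per_char;
    return 0;
}

/* Length of s, but never scans more than cap + 1 bytes. */
size_t capped_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n <= cap && s[n] != '\0')
        n++;
    return n;                           /* cap + 1 means "too long" */
}

/* Returns 0 and stores strcoll()'s result in *cmp, or -1 with errno set
   to E2BIG when either input exceeds the policy limit. */
int bounded_strcoll(const char *s1, const char *s2, int *cmp)
{
    size_t n1 = capped_len(s1, MAX_COLLATE_LEN);
    size_t n2 = capped_len(s2, MAX_COLLATE_LEN);
    size_t need;

    /* With capped lengths the size check cannot fail; it is kept to show
       the checked form of the calculation. */
    if (n1 > MAX_COLLATE_LEN || n2 > MAX_COLLATE_LEN ||
        scratch_size(n1, n2, PER_CHAR_BYTES, &need) != 0) {
        errno = E2BIG;
        return -1;
    }
    *cmp = strcoll(s1, s2);
    return 0;
}
```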


[Touch-packages] [Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

2017-10-28 Thread Bug Watch Updater
Launchpad has imported 7 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=855385.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2012-09-07T14:59:00+00:00 Jan wrote:

An integer overflow, leading to buffer overflow flaw was found in the
way the implementation of strcoll() routine, used to compare two strings
based on the current locale, of glibc, the GNU libc libraries, performed
calculation of memory requirements / allocation, needed for storage of
the strings. If an application linked against glibc was missing
application-level sanity checks for validity of strcoll() arguments and
accepted untrusted input, an attacker could use this flaw to cause the
particular application to crash or, potentially, execute arbitrary code
with the privileges of the user running the application.

Upstream bug report (including reproducer):
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/3


On 2012-09-07T15:31:44+00:00 Jan wrote:

CVE request:
[2] http://www.openwall.com/lists/oss-security/2012/09/07/9

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/4


On 2012-09-07T15:32:49+00:00 Jan wrote:

This issue affects the versions of the glibc package, as shipped with
Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the glibc package, as shipped with
Fedora release of 16 and 17. Please schedule an update (once there is
final upstream patch available).

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/5


On 2012-09-07T15:34:15+00:00 Jan wrote:

Created glibc tracking bugs for this issue

Affects: fedora-all [bug 855399]

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/6


On 2012-09-07T17:29:07+00:00 Jan wrote:

The CVE identifier of CVE-2012-4412 has been assigned to this issue:
http://www.openwall.com/lists/oss-security/2012/09/07/12

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/7


On 2013-08-22T00:49:36+00:00 Fedora wrote:

glibc-2.17-13.fc19 has been pushed to the Fedora 19 stable repository.
If problems still persist, please make note of it in this bug report.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/14


On 2013-09-05T09:05:48+00:00 Huzaifa wrote:

Statement:

This issue affects the version of glibc as shipped with Red Hat
Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated
this issue as having moderate security impact; a future update may
address this flaw.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1048203/comments/15


** Changed in: fedora
   Status: Unknown => Confirmed

** Changed in: fedora
   Importance: Unknown => Medium

Status in GLibC:
  Fix Released
Status in eglibc package in Ubuntu:
  Fix Released
Status in eglibc package in Debian:
  Fix Released
Status in Fedora:
  Confirmed
Status in Gentoo Linux:
  Fix Released

[Touch-packages] [Bug 1048203] Re: (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

2015-03-12 Thread Bug Watch Updater
** Changed in: gentoo
   Status: Unknown => Fix Released

Status in The GNU C Library:
  Fix Released
Status in eglibc package in Ubuntu:
  Fix Released
Status in eglibc package in Debian:
  Fix Released
Status in Fedora:
  Unknown
Status in Gentoo Linux:
  Fix Released
