
Security Advisory Moderate: glibc security and bug fix update

Advisory: RHSA-2013:1411-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-10-08
Last updated on: 2013-10-08
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2013-4332

Details

Updated glibc packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in glibc's memory allocator functions (pvalloc, valloc, and
memalign). If an application used such a function, it could cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2013-4332)
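
The class of flaw described above, as an added example: a simplified model written for this page, not glibc's source. An aligned allocator pads or rounds the caller's size before allocating, and that arithmetic can wrap around. The function names and the MODEL_* constants are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this model only; not taken from glibc. */
#define MODEL_PAGE_SIZE ((size_t)4096)
#define MODEL_MIN_CHUNK ((size_t)32)

/* Unchecked form: the padding added for alignment can wrap size_t,
   so a near-SIZE_MAX request becomes a tiny internal allocation. */
size_t padded_size_unchecked(size_t bytes, size_t alignment)
{
    return bytes + alignment + MODEL_MIN_CHUNK;
}

/* Unchecked rounding up to a whole page, pvalloc-style. */
size_t round_to_page_unchecked(size_t bytes)
{
    return (bytes + MODEL_PAGE_SIZE - 1) & ~(MODEL_PAGE_SIZE - 1);
}

/* Checked form: refuse any request whose padded size cannot be
   represented. Returns 0 and stores the size, or -1 with ENOMEM. */
int padded_size_checked(size_t bytes, size_t alignment, size_t *out)
{
    if (alignment > SIZE_MAX - MODEL_MIN_CHUNK ||
        bytes > SIZE_MAX - alignment - MODEL_MIN_CHUNK) {
        errno = ENOMEM;
        return -1;
    }
    *out = bytes + alignment + MODEL_MIN_CHUNK;
    return 0;
}

int main(void)
{
    size_t huge = SIZE_MAX - 8;   /* constructed caller-supplied size */
    size_t out = 0;
    int rc_huge = padded_size_checked(huge, 64, &out);
    int rc_small = padded_size_checked(100, 64, &out);

    printf("unchecked padded size: %zu\n", padded_size_unchecked(huge, 64));
    printf("unchecked page round:  %zu\n", round_to_page_unchecked(huge));
    printf("checked, huge request: %d\n", rc_huge);
    printf("checked, 100 bytes:    %d (%zu)\n", rc_small, out);
    return 0;
}
```

When the internal size wraps, the block that is actually allocated is far smaller than the size the caller believes it was given, which is how an integer overflow becomes a heap-based buffer overflow.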

This update also fixes the following bug:

* Prior to this update, the size of the L3 cache in certain CPUs for SMP
(Symmetric Multiprocessing) servers was not correctly detected. The
incorrect cache size detection resulted in less than optimal performance
for routines that used this information, including the memset() function.
To fix this bug, the cache size detection has been corrected and core
routines including memset() have their performance restored to expected
levels. (BZ#1011424)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
glibc-2.5-118.el5_10.2.src.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
glibc-2.5-118.el5_10.2.src.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1007545 - CVE-2013-4332 glibc: three integer overflows in memory allocator


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/