Moderate CentOS glibc Update

Metadata

medium
4.3
glibc-2.5-118.el5_10.2.i386.rpm, glibc-2.5-118.el5_10.2.i686.rpm, glibc-2.5-118.el5_10.2.src.rpm, glibc-2.5-118.el5_10.2.x86_64.rpm, glibc-common-2.5-118.el5_10.2.i386.rpm, glibc-common-2.5-118.el5_10.2.x86_64.rpm, glibc-devel-2.5-118.el5_10.2.i386.rpm, glibc-devel-2.5-118.el5_10.2.x86_64.rpm, glibc-headers-2.5-118.el5_10.2.i386.rpm, glibc-headers-2.5-118.el5_10.2.x86_64.rpm, glibc-utils-2.5-118.el5_10.2.i386.rpm, glibc-utils-2.5-118.el5_10.2.x86_64.rpm, nscd-2.5-118.el5_10.2.i386.rpm, nscd-2.5-118.el5_10.2.x86_64.rpm
CVE-2013-4332
rhn.redhat.com, lists.centos.org
2013-10-08
2017-07-27 19:06
ALAS-2013-270
Moderate CentOS glibc Update
CVE-2013-4332 glibc
CVE-2013-4332 eglibc
CVE-2013-4332
2017-04-01 19:07
2017-01-05 20:11

Description


Updated glibc packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in glibc's memory allocator functions (pvalloc, valloc, and
memalign). If an application used such a function, it could cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2013-4332)

This update also fixes the following bug:

* Prior to this update, the size of the L3 cache in certain CPUs for SMP
(Symmetric Multiprocessing) servers was not correctly detected. The
incorrect cache size detection resulted in less than optimal performance
for routines that used this information, including the memset() function.
To fix this bug, the cache size detection has been corrected and core
routines including memset() have their performance restored to expected
levels. (BZ#1011424)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
5 glibc glibc-2.5-118.el5_10.2.i386.rpm
glibc glibc-2.5-118.el5_10.2.i686.rpm
glibc glibc-2.5-118.el5_10.2.src.rpm
glibc glibc-2.5-118.el5_10.2.x86_64.rpm
glibc-common glibc-common-2.5-118.el5_10.2.i386.rpm
glibc-common glibc-common-2.5-118.el5_10.2.x86_64.rpm
glibc-devel glibc-devel-2.5-118.el5_10.2.i386.rpm
glibc-devel glibc-devel-2.5-118.el5_10.2.x86_64.rpm
glibc-headers glibc-headers-2.5-118.el5_10.2.i386.rpm
glibc-headers glibc-headers-2.5-118.el5_10.2.x86_64.rpm
glibc-utils glibc-utils-2.5-118.el5_10.2.i386.rpm
glibc-utils glibc-utils-2.5-118.el5_10.2.x86_64.rpm
nscd nscd-2.5-118.el5_10.2.i386.rpm
nscd nscd-2.5-118.el5_10.2.x86_64.rpm