ALAS-2012-039


Amazon Linux AMI Security Advisory: ALAS-2012-39
Advisory Release Date: 2014-09-14 15:14 Pacific
Severity: Medium

Issue Overview:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029 )

A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609 )


Affected Packages:

glibc


Issue Correction:
Run yum update glibc to update your system.

New Packages:
i686:
    glibc-debuginfo-common-2.12-1.47.32.amzn1.i686
    glibc-common-2.12-1.47.32.amzn1.i686
    glibc-debuginfo-2.12-1.47.32.amzn1.i686
    glibc-devel-2.12-1.47.32.amzn1.i686
    glibc-2.12-1.47.32.amzn1.i686
    glibc-utils-2.12-1.47.32.amzn1.i686
    nscd-2.12-1.47.32.amzn1.i686
    glibc-headers-2.12-1.47.32.amzn1.i686
    glibc-static-2.12-1.47.32.amzn1.i686

src:
    glibc-2.12-1.47.32.amzn1.src

x86_64:
    glibc-devel-2.12-1.47.32.amzn1.x86_64
    glibc-static-2.12-1.47.32.amzn1.x86_64
    glibc-debuginfo-common-2.12-1.47.32.amzn1.x86_64
    glibc-utils-2.12-1.47.32.amzn1.x86_64
    glibc-common-2.12-1.47.32.amzn1.x86_64
    glibc-headers-2.12-1.47.32.amzn1.x86_64
    glibc-2.12-1.47.32.amzn1.x86_64
    glibc-debuginfo-2.12-1.47.32.amzn1.x86_64
    nscd-2.12-1.47.32.amzn1.x86_64