Amazon Linux 1 Security Advisory: ALAS-2012-39
Advisory Release Date: 2012-02-02 14:26 Pacific
Advisory Updated Date: 2014-09-14 15:14 Pacific
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)
A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that uses the RPC implementation from glibc could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)
Affected Packages:
glibc
Issue Correction:
Run yum update glibc to update your system.
i686:
glibc-debuginfo-common-2.12-1.47.32.amzn1.i686
glibc-common-2.12-1.47.32.amzn1.i686
glibc-debuginfo-2.12-1.47.32.amzn1.i686
glibc-devel-2.12-1.47.32.amzn1.i686
glibc-2.12-1.47.32.amzn1.i686
glibc-utils-2.12-1.47.32.amzn1.i686
nscd-2.12-1.47.32.amzn1.i686
glibc-headers-2.12-1.47.32.amzn1.i686
glibc-static-2.12-1.47.32.amzn1.i686
src:
glibc-2.12-1.47.32.amzn1.src
x86_64:
glibc-devel-2.12-1.47.32.amzn1.x86_64
glibc-static-2.12-1.47.32.amzn1.x86_64
glibc-debuginfo-common-2.12-1.47.32.amzn1.x86_64
glibc-utils-2.12-1.47.32.amzn1.x86_64
glibc-common-2.12-1.47.32.amzn1.x86_64
glibc-headers-2.12-1.47.32.amzn1.x86_64
glibc-2.12-1.47.32.amzn1.x86_64
glibc-debuginfo-2.12-1.47.32.amzn1.x86_64
nscd-2.12-1.47.32.amzn1.x86_64
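To confirm the update took effect, the following added example (not part of the advisory) lists any of the packages named above that are still below the fixed build 2.12-1.47.32.amzn1. It assumes GNU `sort -V` as a stand-in for rpm's own version comparison; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Fixed build published in ALAS-2012-39.
FIXED="2.12-1.47.32.amzn1"
# Package names taken from the advisory's package list.
PKGS="glibc glibc-common glibc-devel glibc-headers glibc-static glibc-utils glibc-debuginfo glibc-debuginfo-common nscd"

# older_than_fixed VERSION-RELEASE: succeeds when the argument sorts before FIXED.
# Assumption: GNU `sort -V` approximates rpm's version ordering for these strings.
older_than_fixed() {
    if [ "$1" = "$FIXED" ]; then return 1; fi
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# find_unpatched: reads "name version-release arch" lines on stdin and prints
# the advisory's packages that are still below the fixed build.
find_unpatched() {
    while read -r name vr arch; do
        case " $PKGS " in
            *" $name "*) ;;      # package is covered by this advisory
            *) continue ;;       # unrelated package, ignore
        esac
        if older_than_fixed "$vr"; then
            printf '%s %s %s\n' "$name" "$vr" "$arch"
        fi
    done
}

# On a live host, feed it the real inventory:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' | find_unpatched

# Constructed sample inventory (not from a real system) so the check runs offline.
sample_inventory() {
    cat <<'EOF'
glibc 2.12-1.47.30.amzn1 x86_64
glibc-common 2.12-1.47.32.amzn1 x86_64
nscd 2.12-1.25.amzn1 i686
bash 4.1.2-1.amzn1 x86_64
glibc-devel 2.12-1.107.amzn1 x86_64
EOF
}

sample_inventory | find_unpatched
```

Empty output means every listed package is at or above the fixed build. Processes started before the update keep the old library mapped until they are restarted.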