ALAS-2015-495


Amazon Linux AMI Security Advisory: ALAS-2015-495
Advisory Release Date: 2015-03-23 08:55 Pacific
Severity: Medium

Issue Overview:

An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040 )

It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121 )


Affected Packages:

glibc


Issue Correction:
Run yum update glibc to update your system.

New Packages:
i686:
    glibc-2.17-55.139.amzn1.i686
    glibc-common-2.17-55.139.amzn1.i686
    glibc-static-2.17-55.139.amzn1.i686
    glibc-devel-2.17-55.139.amzn1.i686
    glibc-headers-2.17-55.139.amzn1.i686
    glibc-debuginfo-common-2.17-55.139.amzn1.i686
    glibc-debuginfo-2.17-55.139.amzn1.i686
    glibc-utils-2.17-55.139.amzn1.i686
    nscd-2.17-55.139.amzn1.i686

src:
    glibc-2.17-55.139.amzn1.src

x86_64:
    glibc-debuginfo-2.17-55.139.amzn1.x86_64
    glibc-devel-2.17-55.139.amzn1.x86_64
    glibc-headers-2.17-55.139.amzn1.x86_64
    nscd-2.17-55.139.amzn1.x86_64
    glibc-common-2.17-55.139.amzn1.x86_64
    glibc-2.17-55.139.amzn1.x86_64
    glibc-static-2.17-55.139.amzn1.x86_64
    glibc-utils-2.17-55.139.amzn1.x86_64
    glibc-debuginfo-common-2.17-55.139.amzn1.x86_64