Scientific Linux Security Update : glibc on SL6.x i386/x86_64

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Multiple integer overflow flaws, leading to heap-based buffer
overflows, were found in glibc's memory allocator functions (pvalloc,
valloc, and memalign). If an application used such a function, it
could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2013-4332)

A flaw was found in the regular expression matching routines that
process multibyte character input. If an application utilized the
glibc regular expression matching mechanism, an attacker could provide
specially crafted input that, when processed, would cause the
application to crash. (CVE-2013-0242)

It was found that getaddrinfo() did not limit the amount of stack
memory used during name resolution. An attacker able to make an
application resolve an attacker-controlled hostname or IP address
could possibly cause the application to exhaust all stack memory and
crash. (CVE-2013-1914)

Among other changes, this update includes an important fix for the
following bug :

- Due to a defect in the initial release of the
getaddrinfo() system call in Scientific Linux 6.0,
AF_INET and AF_INET6 queries resolved from the
/etc/hosts file returned queried names as canonical
names. This incorrect behavior is, however, still
considered to be the expected behavior. As a result of a
recent change in getaddrinfo(), AF_INET6 queries started
resolving the canonical names correctly. However, this
behavior was unexpected by applications that relied on
queries resolved from the /etc/hosts file, and these
applications could thus fail to operate properly. This
update applies a fix ensuring that AF_INET6 queries
resolved from /etc/hosts always return the queried name
as canonical. Note that DNS lookups are resolved
properly and always return the correct canonical names.
A proper fix to AF_INET6 queries resolution from
/etc/hosts may be applied in future releases
for now,
due to a lack of standard, Red Hat suggests the first
entry in the /etc/hosts file, that applies for the IP
address being resolved, to be considered the canonical
entry.

See also :

http://www.nessus.org/u?030c8ddc

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 71193 ()

Bugtraq ID:

CVE ID: CVE-2013-0242
CVE-2013-1914
CVE-2013-4332