Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)
Severity: High
Nessus Plugin ID: 77654
The remote Mandriva Linux host is missing one or more security updates.
Multiple vulnerabilities have been found and corrected in glibc:

When iconv() converts IBM930 input that includes the invalid multibyte character 0xffff, iconv() segfaults (CVE-2012-6656).

An off-by-one error in the __gconv_translit_find function in gconv_trans.c in the GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules (CVE-2014-5119).

Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040).

The updated packages have been patched to correct these issues.