Bug 735850 - VUL-0: glibc: timezone loader overflow issue
Status: RESOLVED FIXED
Duplicates: 736174
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Priority: P2 - High; Severity: Major
Assigned To: Richard Biener
Security Team bot
maint:released:sle11-sp1:44638 maint:...
Reported: 2011-12-09 10:52 UTC by Marcus Meissner
Modified: 2015-02-18 22:06 UTC (History)


Attachments
fixed upstream patch (3.28 KB, patch)
2011-12-19 10:10 UTC, Richard Biener

Description Marcus Meissner 2011-12-09 10:52:24 UTC
is public, via oss-sec and full-disclosure

http://dividead.wordpress.com/tag/heap-overflow/
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html

Ok it appears although this is difficult to exploit, it can be triggered
potentially allowing a security boundary to be crossed in some
situations. Please use CVE-2009-5029 for this glibc timezone integer 
overflow issue.

(Marcus: I do not think glibc is fixed yet.)
Comment 1 Swamp Workflow Management 2011-12-09 23:00:12 UTC
bugbot adjusting priority
Comment 2 Michael Matz 2011-12-12 12:21:29 UTC
Well, this is no different than any other random data corruption issue.
Low prio.
Comment 3 Matthias Weckbecker 2011-12-12 12:43:04 UTC
*** Bug 736174 has been marked as a duplicate of this bug. ***
Comment 4 Marcus Meissner 2011-12-12 14:19:16 UTC
http://seclists.org/fulldisclosure/2011/Dec/276
Comment 5 Marcus Meissner 2011-12-13 16:29:21 UTC
http://rcvalle.com/post/14169476482/exploiting-glibc-tzfile-read-integer-overflow-to

Very good explanation. Seems to even be exploitable within vsftpd. :/
Comment 8 Swamp Workflow Management 2011-12-14 15:20:56 UTC
The SWAMPID for this issue is 44585.
This issue was rated as important.
Please submit fixed packages until 2011-12-21.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 10 Andreas Jaeger 2011-12-15 20:16:55 UTC
First patch:
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
Comment 11 Richard Biener 2011-12-19 10:10:20 UTC
Created attachment 468032 [details]
fixed upstream patch
Comment 14 Andreas Jaeger 2011-12-19 10:58:50 UTC
Updates for openSUSE done:
glibc 12.1: SR#97012
glibc 11.4: SR#97022
glibc 11.3: SR#97021
Comment 15 Bernhard Wiedemann 2011-12-19 11:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (735850) was mentioned in
https://build.opensuse.org/request/show/97012 12.1 / glibc
https://build.opensuse.org/request/show/97021 11.3 / glibc
https://build.opensuse.org/request/show/97022 11.4 / glibc
Comment 17 Swamp Workflow Management 2012-01-04 20:32:16 UTC
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-64bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-x86, glibc-x86, nscd
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 18 Swamp Workflow Management 2012-01-04 21:45:34 UTC
Update released for: glibc, glibc-32bit, glibc-64bit, glibc-dceext, glibc-dceext-32bit, glibc-dceext-64bit, glibc-dceext-devel, glibc-dceext-x86, glibc-debuginfo, glibc-devel, glibc-devel-32bit, glibc-devel-64bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-64bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-64bit, glibc-profile-x86, glibc-x86, nscd
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 19 Swamp Workflow Management 2012-01-05 11:12:26 UTC
Update released for: glibc, glibc-32bit, glibc-dceext, glibc-dceext-32bit, glibc-dceext-devel, glibc-debuginfo, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-obsolete, glibc-profile, glibc-profile-32bit, nscd
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 20 Swamp Workflow Management 2012-01-05 14:24:05 UTC
Update released for: glibc, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-debuginfo, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-debuginfo, glibc-obsolete, glibc-obsolete-debuginfo, glibc-profile, nscd, nscd-debuginfo
Products:
openSUSE 11.3 (debug, i586, i686, x86_64)
openSUSE 11.4 (debug, i586, i686, x86_64)
Comment 22 Bernhard Wiedemann 2012-01-11 07:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (735850) was mentioned in
https://build.opensuse.org/request/show/99695 Evergreen:11.2 / glibc
Comment 23 Bernhard Wiedemann 2012-01-13 06:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (735850) was mentioned in
https://build.opensuse.org/request/show/100122 Evergreen:11.2 / glibc
Comment 27 Richard Biener 2012-01-16 14:15:26 UTC
Submitted to autobuild.
Comment 28 Swamp Workflow Management 2012-01-30 15:08:33 UTC
Update released for: glibc, glibc-devel, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-profile, nscd, timezone
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 29 Marcus Meissner 2012-02-12 22:58:45 UTC
cross checked that it is contained in SLE11 SP2 at GA.
Comment 30 Swamp Workflow Management 2013-08-01 09:52:25 UTC
Update released for: glibc, glibc-32bit, glibc-dceext, glibc-dceext-32bit, glibc-dceext-devel, glibc-debuginfo, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-obsolete, glibc-profile, glibc-profile-32bit, nscd
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)