Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for glibc CESA-2012:1207 centos5

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

4.6

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

9 years ago

Modified

Modified

3 years ago

Summary

The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.

Insight

Insight

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug: * Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. (BZ#839411) All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Affected Software

Affected Software

glibc on CentOS 5

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)