MGASA-2014-0314
- Source
- https://advisories.mageia.org/MGASA-2014-0314.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0314.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2014-0314
- Related
- Published
- 2014-08-05T20:08:48Z
- Modified
- 2026-01-30T22:40:23.048249Z
- Summary
- Updated glibc packages fix security issues
- Details
-
Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there. (CVE-2014-0475)
David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posixspawnfileactionsaddopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities. (CVE-2014-4043)
This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073)
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / glibc
Package
- Name
- glibc
- Purl
- pkg:rpm/mageia/glibc?arch=source&distro=mageia-3
Mageia:4 / glibc
Package
- Name
- glibc
- Purl
- pkg:rpm/mageia/glibc?arch=source&distro=mageia-4