CVE-2011-1659

Name of the Vulnerable Software and Affected Versions glibc versions 2.3.4 through 2.13 glibc-utils versions 2.3.4 glibc-common versions 2.3.4 glibc-devel versions 2.3.4 glibc-profile versions 2.3.4 glibc-headers versions 2.3.4 nptl-devel version 2.3.4

Description The issue involves multiple vulnerabilities in the glibc package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. Specifically, an integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument.

Recommendations For glibc versions 2.3.4 through 2.13, update to a version later than 2.13 to resolve the issue. For glibc-utils versions 2.3.4, update to a version later than 2.3.4 to resolve the issue. For glibc-common versions 2.3.4, update to a version later than 2.3.4 to resolve the issue. For glibc-devel versions 2.3.4, update to a version later than 2.3.4 to resolve the issue. For glibc-profile versions 2.3.4, update to a version later than 2.3.4 to resolve the issue. For glibc-headers versions 2.3.4, update to a version later than 2.3.4 to resolve the issue. For nptl-devel version 2.3.4, update to a version later than 2.3.4 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable glibc functions until a patch is available.