Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.
7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4
Mandriva Linux Security Advisory 2015-168 - Updated glibc packages fix multiple security vulnerabilities.
0412f59ba60e6f3546c153206b4f490e8e4d6187358607bb442d3ffcaa511903
Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.
f465530a54da7d5a528f544b46d30ac71a8e33c13da9a2e12a12020d9888fad7
Mandriva Linux Security Advisory 2014-175 - When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults. Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library allows context-dependent attackers to cause a denial of service or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364). The updated packages have been patched to correct these issues.
f3306f4d40c605cd5282642a6815dd2da169dca7f32fb2e4796c7ec5dcb10aa7
Red Hat Security Advisory 2014-1118-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
7fca1af74122ae5f8f810bdf1a8f77314889651cb17c53f6c538685a4e6f6ab2
Ubuntu Security Notice 2328-1 - Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. Various other issues were also addressed.
ba67695dc9b003222520566f863135bb43e18212d94c36bfac54afb17dbc0f23
Red Hat Security Advisory 2014-1110-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
546be34b84eb08e6ac3baa3ac0e66b3bfb9668ca3a749ee7e0b2cf5eb2d3a2e3
Debian Linux Security Advisory 3012-1 - Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.
1fda609b5a3bc772a28814203d914f8516efd24910c2e122c8383a3dc3d5a4dd
glibc __gconv_translit_find() single-fixed-byte heap metadata overflow local root exploit for Fedora 20 32-bit. This issue is not specific to Fedora, but the proof of concept is specifically for Fedora 20 32-bit.
330176e29f7a995ed48f5d0fc2ba71392f2e4a5144f7fae13882ef998e79a6d1