IBM Software Delivery and Lifecycle Patterns requires client action for the glibc vulnerabilities.
The GNU C Library (glibc) is vulnerable to a heap-based buffer overflow. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with root privileges.
IBM Software Delivery and Lifecycle Patterns ships with Red Hat Enterprise Linux 6.4 which is vulnerable to CVE-2014-5119.
**CVE ID:** CVE-2014-5119
**Description:** The GNU C Library (glibc) is vulnerable to a heap-based buffer overflow, caused by an off-by-one error in the `__gconv_translit_find()` function. By setting the CHARSET environment variable to a malicious value, a local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with root privileges.
**CVSS Base Score:** 7.2
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95044> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:L/AC:L/Au:N/C:C/I:C/A:C)
**Affected Products and Versions:** IBM Software Delivery and Lifecycle Patterns 1.0 and 1.0.1
IBM strongly recommends that you contact Red Hat to obtain and install fixes for Red Hat Enterprise Linux 6.4.
Alternatively, if you have access to a Yum update repository, you may update the glibc library by running the command: `yum update glibc`
**Workarounds and Mitigations:** None