oval:org.mitre.oval:def:21252

Definition Id: oval:org.mitre.oval:def:21252

Oval ID:	oval:org.mitre.oval:def:21252
Title:	RHSA-2012:1098: glibc security and bug fix update (Moderate)
Description:	The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1098-01 CESA-2012:1098 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406	Version:	28
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	glibc
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section glibc-devel is earlier than 0:2.12-1.80.el6_3.3 AND glibc-utils is earlier than 0:2.12-1.80.el6_3.3 AND glibc is earlier than 0:2.12-1.80.el6_3.3 AND nscd is earlier than 0:2.12-1.80.el6_3.3 AND glibc-static is earlier than 0:2.12-1.80.el6_3.3 AND glibc-common is earlier than 0:2.12-1.80.el6_3.3 AND glibc-headers is earlier than 0:2.12-1.80.el6_3.3

Definition Id: oval:org.mitre.oval:def:20273

Oval ID:	oval:org.mitre.oval:def:20273
Title:	The operating system installed on the system is Red Hat Enterprise Linux 6
Description:	The operating system installed on the system is Red Hat Enterprise Linux 6.
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:redhat:enterprise_linux:6	Version:	6
Platform(s):	Red Hat Enterprise Linux 6	Product(s):
Definition Synopsis:
Red Hat Enterprise 6 is installed AND NOT Oracle Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:21252

Definition Id: oval:org.mitre.oval:def:16337

Oval ID:	oval:org.mitre.oval:def:16337
Title:	The operating system installed on the system is CentOS Linux 6.x
Description:	The operating system installed on the system is CentOS Linux 6.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:centos:centos:6	Version:	5
Platform(s):	CentOS Linux 6	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND CentOS Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:21252