Errata overview
Errata ID 278
Date 2015-01-29
Source package eglibc
Fixed in version 2.11.3-4.18.201501281259
Description
Multiple security vulnerabilities have been found in eglibc:
* Directory traversal in locale-related environment variables
  (CVE-2014-0475)
* Off-by-one in locale handling (CVE-2014-5119)
* Crashes in decoding invalid code pages (IBM930, IBM933, IBM935,
  IBM937, IBM939, IBM1364) (CVE-2012-6656, CVE-2014-6040)
* Command execution in wordexp() with WRDE_NOCMD specified
  (CVE-2014-7817)
* Denial of service through infinite loop in getnetbyname()
  (CVE-2014-9402)
* Buffer overflow in gethostbyname and gethostbyname2 functions
  (CVE-2015-0235)
Additional notes
CVE ID CVE-2012-6656, CVE-2014-0475, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-9402, CVE-2015-0235
UCS Bug number #33271