Description
An off-by-one heap-based buffer overflow flaw was found in glibc's internal
__gconv_translit_find() function. An attacker able to make an application
call the iconv_open() function with a specially crafted argument could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-5119)
A directory traveral flaw was found in the way glibc loaded locale files.
An attacker able to make an application use a specially crafted locale name
value (for example, specified in an LC_* environment variable) could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-0475)