Описание
ELSA-2015-0092: glibc security update (CRITICAL)
Oracle Linux 7: [2.17-55.0.4.el7_0.5]
- Remove strstr and strcasestr implementations using sse4.2 instructions.
- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi)
[2.17-55.5]
- Rebuild and run regression testing.
[2.17-55.4]
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183535).
[2.17-55.3]
- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118)
[2.17-55.2]
- ftell: seek to end only when there are unflushed bytes (#1170187).
[2.17-55.1]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
Oracle Linux 6 : [2.12-1.149.5]
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
glibc
2.12-1.149.el6_6.5
glibc-common
2.12-1.149.el6_6.5
glibc-devel
2.12-1.149.el6_6.5
glibc-headers
2.12-1.149.el6_6.5
glibc-static
2.12-1.149.el6_6.5
glibc-utils
2.12-1.149.el6_6.5
nscd
2.12-1.149.el6_6.5
Oracle Linux i686
glibc
2.12-1.149.el6_6.5
glibc-common
2.12-1.149.el6_6.5
glibc-devel
2.12-1.149.el6_6.5
glibc-headers
2.12-1.149.el6_6.5
glibc-static
2.12-1.149.el6_6.5
glibc-utils
2.12-1.149.el6_6.5
nscd
2.12-1.149.el6_6.5
Oracle Linux 7
Oracle Linux x86_64
glibc
2.17-55.0.4.el7_0.5
glibc-common
2.17-55.0.4.el7_0.5
glibc-devel
2.17-55.0.4.el7_0.5
glibc-headers
2.17-55.0.4.el7_0.5
glibc-static
2.17-55.0.4.el7_0.5
glibc-utils
2.17-55.0.4.el7_0.5
nscd
2.17-55.0.4.el7_0.5
Связанные CVE
Связанные уязвимости
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Heap-based buffer overflow in the __nss_hostname_digits_dots function ...
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."