ELSA-2015-1627

Опубликовано: 17 авг. 2015

Источник: oracle-oval

Платформа: Oracle Linux 5

Описание

ELSA-2015-1627: glibc security update (MODERATE)

[2.5-123.0.1.el5_11.3]

Switch to use malloc when the input line is too long [Orabug 19951108] (Jason Luan)
Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin)

[2.5-123.3]

Fix invalid-free when using getaddrinfo() and AI_IDN (CVE-2013-7424,

[2.5-123.1]

Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532).

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

glibc

2.5-123.0.1.el5_11.3

glibc-common

2.5-123.0.1.el5_11.3

glibc-devel

2.5-123.0.1.el5_11.3

glibc-headers

2.5-123.0.1.el5_11.3

glibc-utils

2.5-123.0.1.el5_11.3

nscd

2.5-123.0.1.el5_11.3

Oracle Linux x86_64

glibc

2.5-123.0.1.el5_11.3

glibc-common

2.5-123.0.1.el5_11.3

glibc-devel

2.5-123.0.1.el5_11.3

glibc-headers

2.5-123.0.1.el5_11.3

glibc-utils

2.5-123.0.1.el5_11.3

nscd

2.5-123.0.1.el5_11.3

Oracle Linux i386

glibc

2.5-123.0.1.el5_11.3

glibc-common

2.5-123.0.1.el5_11.3

glibc-devel

2.5-123.0.1.el5_11.3

glibc-headers

2.5-123.0.1.el5_11.3

glibc-utils

2.5-123.0.1.el5_11.3

nscd

2.5-123.0.1.el5_11.3

Связанные CVE

CVE-2013-7424

Ссылки на источники

Связанные уязвимости

CVE-2013-7424

ubuntu

около 10 лет назад

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.

CVE-2013-7424

redhat

больше 10 лет назад

CVE-2013-7424

nvd

около 10 лет назад

CVE-2013-7424

debian

около 10 лет назад

The getaddrinfo function in glibc before 2.15, when compiled with libi ...

GHSA-cf2r-3fcj-q45r

github

больше 3 лет назад