ELSA-2016-0175

Опубликовано: 16 фев. 2016

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2016-0175: glibc security and bug fix update (CRITICAL)

[2.12-1.166.7]

Update fix for CVE-2015-7547 (#1296028).

[2.12-1.166.6]

Create helper threads with enough stack for POSIX AIO and timers (#1301625).

[2.12-1.166.5]

Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028).

[2.12-1.166.4]

Support loading more libraries with static TLS (#1291270).

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

glibc

2.12-1.166.el6_7.7

glibc-common

2.12-1.166.el6_7.7

glibc-devel

2.12-1.166.el6_7.7

glibc-headers

2.12-1.166.el6_7.7

glibc-static

2.12-1.166.el6_7.7

glibc-utils

2.12-1.166.el6_7.7

nscd

2.12-1.166.el6_7.7

Oracle Linux i686

glibc

2.12-1.166.el6_7.7

glibc-common

2.12-1.166.el6_7.7

glibc-devel

2.12-1.166.el6_7.7

glibc-headers

2.12-1.166.el6_7.7

glibc-static

2.12-1.166.el6_7.7

glibc-utils

2.12-1.166.el6_7.7

nscd

2.12-1.166.el6_7.7

Связанные CVE

CVE-2015-7547

Ссылки на источники

Связанные уязвимости

CVE-2015-7547

CVSS3: 8.1

ubuntu

больше 9 лет назад

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.