Описание
ELSA-2016-0176: glibc security and bug fix update (CRITICAL)
[2.17-106.0.1.4]
- Remove strstr and strcasestr implementations using sse4.2 instructions.
- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported.
[2.17-106.4]
- Revert problematic libresolv change, not needed for the CVE-2015-7547 fix (#1296030).
[2.17-106.3]
- Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296030).
- Fix madvise performance issues (#1298930).
- Avoid 'monstartup: out of memory' error on powerpc64le (#1298956).
[2.17-106.2]
- Fix CVE-2015-5229: calloc() may return non-zero memory (#1296453).
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
glibc
2.17-106.0.1.el7_2.4
glibc-common
2.17-106.0.1.el7_2.4
glibc-devel
2.17-106.0.1.el7_2.4
glibc-headers
2.17-106.0.1.el7_2.4
glibc-static
2.17-106.0.1.el7_2.4
glibc-utils
2.17-106.0.1.el7_2.4
nscd
2.17-106.0.1.el7_2.4
Связанные CVE
Связанные уязвимости
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
The calloc function in the glibc package in Red Hat Enterprise Linux ( ...
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.