Description
Security update for glibc
This glibc update fixes a critical privilege escalation problem and two non-security issues:
Security Issues:
Package list
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP3
References
- Link for SUSE-RU-2015:0794-1
- E-Mail link for SUSE-RU-2015:0794-1
- SUSE Security Ratings
- SUSE Bug 691365
- SUSE Bug 779320
- SUSE Bug 791928
- SUSE Bug 801246
- SUSE Bug 811979
- SUSE Bug 813121
- SUSE Bug 819347
- SUSE Bug 822210
- SUSE Bug 827811
- SUSE Bug 828235
- SUSE Bug 828637
- SUSE Bug 830268
- SUSE Bug 834594
- SUSE Bug 836746
- SUSE Bug 839870
- SUSE Bug 844309
- SUSE Bug 847227
Description
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
Affected products
References
- CVE-2012-4412
- SUSE Bug 779320
- SUSE Bug 848783
- SUSE Bug 882910
- SUSE Bug 920169
- SUSE Bug 920338
Description
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.
Affected products
References
- CVE-2012-6656
- SUSE Bug 894556
- SUSE Bug 903057
Description
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
Affected products
References
- CVE-2013-0242
- SUSE Bug 801246
- SUSE Bug 848783
- SUSE Bug 882910
Description
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
Affected products
References
- CVE-2013-1914
- SUSE Bug 813121
- SUSE Bug 826666
- SUSE Bug 882910
- SUSE Bug 941444
Description
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
Affected products
References
- CVE-2013-4237
- SUSE Bug 834594
- SUSE Bug 882910
- SUSE Bug 883022
Description
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
Affected products
References
- CVE-2013-4332
- SUSE Bug 1123874
- SUSE Bug 839870
- SUSE Bug 882910
Description
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
Affected products
References
- CVE-2013-4357
- SUSE Bug 844309
- SUSE Bug 883217
- SUSE Bug 903057
Description
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
Affected products
References
- CVE-2013-4458
- SUSE Bug 1123874
- SUSE Bug 847227
- SUSE Bug 883217
- SUSE Bug 941444
- SUSE Bug 955181
- SUSE Bug 967023
- SUSE Bug 980483
Description
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
Affected products
References
- CVE-2013-4788
- SUSE Bug 1123874
- SUSE Bug 830268
- SUSE Bug 882910
- SUSE Bug 950944
Description
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
Affected products
References
- CVE-2013-7423
- SUSE Bug 1123874
- SUSE Bug 915526
Description
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
Affected products
References
- CVE-2014-0475
- SUSE Bug 887022
- SUSE Bug 896776
- SUSE Bug 916222
Description
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
Affected products
References
- CVE-2014-4043
- SUSE Bug 882600
- SUSE Bug 939797
Description
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Affected products
References
- CVE-2014-5119
- SUSE Bug 892073
- SUSE Bug 903057
- SUSE Bug 916222
Description
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
Affected products
References
- CVE-2014-6040
- SUSE Bug 894553
- SUSE Bug 903057
- SUSE Bug 916222
Description
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Affected products
References
- CVE-2014-7817
- SUSE Bug 906371
Description
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.
Affected products
References
- CVE-2014-9402
- SUSE Bug 910599
Description
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Affected products
References
- CVE-2015-0235
- SUSE Bug 844309
- SUSE Bug 913646
- SUSE Bug 949238
- SUSE Bug 954983
Description
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
Affected products
References
- CVE-2015-1472
- SUSE Bug 916222
- SUSE Bug 920341
- SUSE Bug 922243