Описание
Security update for glibc
glibc has been updated to fix four security issues.
These security issues were fixed:
- CVE-2014-7817: The wordexp function in GNU C Library (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((
...))' (bnc#906371). - CVE-2015-1472: Heap buffer overflow in glibc swscanf (bnc#916222).
- CVE-2014-9402: Denial of service in getnetbyname function (bnc#910599).
- CVE-2013-7423: Getaddrinfo() writes DNS queries to random file descriptors under high load (bnc#915526).
These non-security issues were fixed:
- Fix infinite loop in check_pf (bsc#909053)
- Restore warning about execution permission, it is still needed for noexec mounts (bsc#915985).
- Don't touch user-controlled stdio locks in forked child (bsc#864081)
- Don't use gcc extensions for non-gcc compilers (bsc#905313)
Список пакетов
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
Ссылки
- Link for SUSE-SU-2015:0526-1
- E-Mail link for SUSE-SU-2015:0526-1
- SUSE Security Ratings
- SUSE Bug 864081
- SUSE Bug 905313
- SUSE Bug 906371
- SUSE Bug 909053
- SUSE Bug 910599
- SUSE Bug 915526
- SUSE Bug 915985
- SUSE Bug 916222
- SUSE CVE CVE-2013-7423 page
- SUSE CVE CVE-2014-7817 page
- SUSE CVE CVE-2014-9402 page
- SUSE CVE CVE-2015-1472 page
Описание
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
Затронутые продукты
Ссылки
- CVE-2013-7423
- SUSE Bug 1123874
- SUSE Bug 915526
Описание
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Затронутые продукты
Ссылки
- CVE-2014-7817
- SUSE Bug 906371
Описание
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
Затронутые продукты
Ссылки
- CVE-2014-9402
- SUSE Bug 910599
Описание
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
Затронутые продукты
Ссылки
- CVE-2015-1472
- SUSE Bug 916222
- SUSE Bug 920341
- SUSE Bug 922243