Description
Security update for glibc
This update for glibc contains the following fixes:
Security Issues:
Package list
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP1-TERADATA
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 11 SP2
References
- Link for SUSE-SU-2015:0551-1
- E-Mail link for SUSE-SU-2015:0551-1
- SUSE Security Ratings
- SUSE Bug 684534
- SUSE Bug 691365
- SUSE Bug 741345
- SUSE Bug 743689
- SUSE Bug 744996
- SUSE Bug 745658
- SUSE Bug 746824
- SUSE Bug 747768
- SUSE Bug 750741
- SUSE Bug 760795
- SUSE Bug 763512
- SUSE Bug 767266
- SUSE Bug 770891
- SUSE Bug 775690
- SUSE Bug 777233
- SUSE Bug 779320
- SUSE Bug 783060
Description
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
Affected products
References
- CVE-2012-0864
- SUSE Bug 747768
- SUSE Bug 826666
Description
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.
Affected products
References
- CVE-2012-3404
- SUSE Bug 770891
Description
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.
Affected products
References
- CVE-2012-3405
- SUSE Bug 770891
Description
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Affected products
References
- CVE-2012-3406
- SUSE Bug 770891
- SUSE Bug 826666
Description
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Affected products
References
- CVE-2012-3480
- SUSE Bug 775690
- SUSE Bug 826666
- SUSE Bug 968660
Description
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
Affected products
References
- CVE-2012-4412
- SUSE Bug 779320
- SUSE Bug 848783
- SUSE Bug 882910
- SUSE Bug 920169
- SUSE Bug 920338
Description
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.
Affected products
References
- CVE-2012-6656
- SUSE Bug 894556
- SUSE Bug 903057
Description
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
Affected products
References
- CVE-2013-0242
- SUSE Bug 801246
- SUSE Bug 848783
- SUSE Bug 882910
Description
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.
Affected products
References
- CVE-2013-1914
- SUSE Bug 813121
- SUSE Bug 826666
- SUSE Bug 882910
- SUSE Bug 941444
Description
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
Affected products
References
- CVE-2013-4237
- SUSE Bug 834594
- SUSE Bug 882910
- SUSE Bug 883022
Description
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
Affected products
References
- CVE-2013-4332
- SUSE Bug 1123874
- SUSE Bug 839870
- SUSE Bug 882910
Description
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
Affected products
References
- CVE-2013-4357
- SUSE Bug 844309
- SUSE Bug 883217
- SUSE Bug 903057
Description
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
Affected products
References
- CVE-2013-4788
- SUSE Bug 1123874
- SUSE Bug 830268
- SUSE Bug 882910
- SUSE Bug 950944
Description
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
Affected products
References
- CVE-2013-7423
- SUSE Bug 1123874
- SUSE Bug 915526
Description
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Affected products
References
- CVE-2014-5119
- SUSE Bug 892073
- SUSE Bug 903057
- SUSE Bug 916222
Description
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
Affected products
References
- CVE-2014-6040
- SUSE Bug 894553
- SUSE Bug 903057
- SUSE Bug 916222
Description
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Affected products
References
- CVE-2014-7817
- SUSE Bug 906371
Description
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.
Affected products
References
- CVE-2014-9402
- SUSE Bug 910599
Description
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Affected products
References
- CVE-2015-0235
- SUSE Bug 844309
- SUSE Bug 913646
- SUSE Bug 949238
- SUSE Bug 954983
Description
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
Affected products
References
- CVE-2015-1472
- SUSE Bug 916222
- SUSE Bug 920341
- SUSE Bug 922243