Description
Security update for glibc
This update for glibc provides the following fixes:
- Increase DTV_SURPLUS limit. (bsc#968787)
- Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727)
- Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010)
- Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164)
- Fix malloc performance regression from SLE 11. (bsc#975930)
- Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483)
- Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854)
Package list
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
References
- Link for SUSE-SU-2016:1721-1
- E-Mail link for SUSE-SU-2016:1721-1
- SUSE Security Ratings
- SUSE Bug 968787
- SUSE Bug 969727
- SUSE Bug 973010
- SUSE Bug 973164
- SUSE Bug 975930
- SUSE Bug 980483
- SUSE Bug 980854
- SUSE CVE CVE-2016-1234 page
- SUSE CVE CVE-2016-3075 page
- SUSE CVE CVE-2016-3706 page
- SUSE CVE CVE-2016-4429 page
Description
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
Affected products
References
- CVE-2016-1234
- SUSE Bug 1020940
- SUSE Bug 969727
- SUSE Bug 988770
- SUSE Bug 988782
- SUSE Bug 989127
Description
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
Affected products
References
- CVE-2016-3075
- SUSE Bug 1123874
- SUSE Bug 973164
Description
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
Affected products
References
- CVE-2016-3706
- SUSE Bug 1123874
- SUSE Bug 980483
- SUSE Bug 997423
Description
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Affected products
References
- CVE-2016-4429
- SUSE Bug 1081556
- SUSE Bug 1123874
- SUSE Bug 980854