Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:1733-1

Опубликовано: 04 июл. 2016
Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc provides the following fixes:

  • Increase DTV_SURPLUS limit. (bsc#968787)
  • Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727)
  • Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010)
  • Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164)
  • Fix malloc performance regression from SLE 11. (bsc#975930)
  • Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483)
  • Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854)
  • Remove mtrace.1, now included in the man-pages package. (bsc#967190)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
glibc-2.19-38.2
glibc-32bit-2.19-38.2
glibc-devel-2.19-38.2
glibc-devel-32bit-2.19-38.2
glibc-i18ndata-2.19-38.2
glibc-locale-2.19-38.2
glibc-locale-32bit-2.19-38.2
nscd-2.19-38.2
SUSE Linux Enterprise Server 12 SP1
glibc-2.19-38.2
glibc-32bit-2.19-38.2
glibc-devel-2.19-38.2
glibc-devel-32bit-2.19-38.2
glibc-html-2.19-38.2
glibc-i18ndata-2.19-38.2
glibc-info-2.19-38.2
glibc-locale-2.19-38.2
glibc-locale-32bit-2.19-38.2
glibc-profile-2.19-38.2
glibc-profile-32bit-2.19-38.2
nscd-2.19-38.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
glibc-2.19-38.2
glibc-32bit-2.19-38.2
glibc-devel-2.19-38.2
glibc-devel-32bit-2.19-38.2
glibc-html-2.19-38.2
glibc-i18ndata-2.19-38.2
glibc-info-2.19-38.2
glibc-locale-2.19-38.2
glibc-locale-32bit-2.19-38.2
glibc-profile-2.19-38.2
glibc-profile-32bit-2.19-38.2
nscd-2.19-38.2
SUSE Linux Enterprise Software Development Kit 12 SP1
glibc-devel-static-2.19-38.2
glibc-info-2.19-38.2

Ссылки

Описание

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-38.2
Ссылки

Описание

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-38.2
Ссылки

Описание

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-38.2
Ссылки

Описание

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-38.2
SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-38.2
Ссылки