Описание
Security update for glibc
This update for glibc fixes the following issues:
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768, BZ #22542)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770, BZ #28768)
- CVE-2021-3999: Fixed in getcwd to set errno to ERANGE for size == 1 (bsc#1194640, BZ #28769)
- CVE-2015-8983: Fixed _IO_wstr_overflow integer overflow (bsc#1193615, BZ #17269)
- CVE-2015-8982: Fixed memory handling in strxfrm_l (bsc#1193616, BZ #16009)
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2022:14923-1
- E-Mail link for SUSE-SU-2022:14923-1
- SUSE Security Ratings
- SUSE Bug 1193615
- SUSE Bug 1193616
- SUSE Bug 1194640
- SUSE Bug 1194768
- SUSE Bug 1194770
- SUSE CVE CVE-2015-8982 page
- SUSE CVE CVE-2015-8983 page
- SUSE CVE CVE-2021-3999 page
- SUSE CVE CVE-2022-23218 page
- SUSE CVE CVE-2022-23219 page
Описание
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-8982
- SUSE Bug 1123874
- SUSE Bug 1193616
- SUSE Bug 1199869
- SUSE Bug 1200203
- SUSE Bug 920169
- SUSE Bug 920338
Описание
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-8983
- SUSE Bug 1123874
- SUSE Bug 1193615
- SUSE Bug 1199869
- SUSE Bug 920169
- SUSE Bug 920338
Описание
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2021-3999
- SUSE Bug 1194640
- SUSE Bug 1196024
- SUSE Bug 1196389
- SUSE Bug 1199869
- SUSE Bug 1200203
Описание
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2022-23218
- SUSE Bug 1194770
- SUSE Bug 1199869
- SUSE Bug 1200036
Описание
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2022-23219
- SUSE Bug 1194768
- SUSE Bug 1199869
- SUSE Bug 1200036