Download
| Alert*
|
oval:org.secpod.oval:def:1601319
Multiple errors in glibc"s formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. oval:org.secpod.oval:def:503437 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: getaddrinfo should reject I ... oval:org.secpod.oval:def:25169 The host is installed with glibc on Red Hat Enterprise Linux 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long line containing wide characters. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:109955 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:203081 glibc is installed oval:org.secpod.oval:def:202403 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca. This co ... oval:org.secpod.oval:def:204519 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ... oval:org.secpod.oval:def:89003155 This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match . oval:org.secpod.oval:def:89002502 This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call Non security issue fixed: - Fix incorrect getaddrinfo assertion trigger oval:org.secpod.oval:def:66474 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: getaddrinfo should reject I ... oval:org.secpod.oval:def:204676 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:89002376 This update for glibc fixes the following issues: Security issue fixed: - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments . Bug fixes: - bsc#1086690: Fix crash in resolver on memory allocation failure. - bsc#1077763: Fix allocatio ... oval:org.secpod.oval:def:204113 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:89044019 This update for glibc fixes the following issues: Security issue fixed: - CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE . Non-security issue fixed: - Avoid access beyond memory bounds in pthread_attr_getaffinity_np . - Remove improper assert in dlclose . oval:org.secpod.oval:def:89044687 This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] oval:org.secpod.oval:def:506490 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: Arbitrary read in wordexp ... oval:org.secpod.oval:def:89043999 This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary - CVE-2018-11236: Fix overflow in path length computation - CVE-2018-11237: Don"t write beyond buffer destination in __mempcpy_avx512_no_vzeroupper Non security bugs fixed: - Fix ... oval:org.secpod.oval:def:86357 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: Off-by-one buffer overflow/ ... oval:org.secpod.oval:def:121563 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:121545 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:89003191 This update for glibc fixes the following issues: Security issue fixed: - CVE-2015-5180: Fixed a NULL pointer dereference with internal QTYPE . Feature work: - IBM zSeries arch13 hardware support in glibc added Other issue addressed: - Fixed a concurrency issue with ldconfig . oval:org.secpod.oval:def:89045140 This update for glibc fixes the following issues: - Drop old fix that could break services that start before IPv6 is up. - Do not copy d_name field of struct dirent. - Fix memory leak in _nss_dns_gethostbyname4_r. - Relocate DSOs in dependency order, fixing a potential crash during symbol relocat ... oval:org.secpod.oval:def:501768 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way ... oval:org.secpod.oval:def:89045309 This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable all ... oval:org.secpod.oval:def:400783 This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ... oval:org.secpod.oval:def:110172 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:110170 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:203841 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way ... oval:org.secpod.oval:def:400632 This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ... oval:org.secpod.oval:def:1501348 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way th ... oval:org.secpod.oval:def:1600375 It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. oval:org.secpod.oval:def:204232 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for ... oval:org.secpod.oval:def:204208 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstanc ... oval:org.secpod.oval:def:1500992 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc ... oval:org.secpod.oval:def:1600052 Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for a getsockopt system call, related to the do_ip_vs_get_ctl function, or a setsock ... oval:org.secpod.oval:def:1601317 An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such f ... oval:org.secpod.oval:def:202298 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to ... oval:org.secpod.oval:def:202427 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting ... oval:org.secpod.oval:def:1601272 Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting a string to a numeric representation . If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:201826 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not han ... oval:org.secpod.oval:def:201878 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not han ... oval:org.secpod.oval:def:114537 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:19500147 A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create in the sunrpc's clnt_gen.c module of the GNU C Library through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in a buffer ... oval:org.secpod.oval:def:201801 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not per ... oval:org.secpod.oval:def:201803 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not per ... oval:org.secpod.oval:def:202302 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to ... oval:org.secpod.oval:def:202429 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting ... oval:org.secpod.oval:def:202402 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc"s formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections ... oval:org.secpod.oval:def:501766 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the wa ... oval:org.secpod.oval:def:203616 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc ... oval:org.secpod.oval:def:203845 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the wa ... oval:org.secpod.oval:def:1501349 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way th ... oval:org.secpod.oval:def:1600387 A stack-based buffer overflow flaw was found in the send_dg and send_vc functions, used by getaddrinfo and other higher-level interfaces of glibc. A remote attacker able to cause an application to call either of these functions could use this flaw to execute arbitrary code with the permissions of th ... oval:org.secpod.oval:def:204521 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ... oval:org.secpod.oval:def:204635 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:204844 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: Buffer overflow in glob wit ... oval:org.secpod.oval:def:89050342 This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition . Bug fixes: - Fixed z15 strstr implementation that can return incorrect results if search ... oval:org.secpod.oval:def:89050244 This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction . - Fixed an issue where pthread were not always locked correctly . - Document mprotect and introduce section on memory protection . oval:org.secpod.oval:def:89003245 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: regex: fix read overrun - CVE-2016-10739: Fully parse IPv4 address strings - CVE-2009-5155: ERE "0|0|\1|0" causes regexec undefined behavior Non-security issues fixed: - Enable TLE only if GLIBC_ELISION_ENAB ... oval:org.secpod.oval:def:89048005 This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp - x86: fix stack alignment in pthread_cond_[timed]wait - Recognize ppc64p7 arch to build for power7 oval:org.secpod.oval:def:89003415 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match . - CVE-2009-5155: Fixed a denial of service in parse_reg_exp . Non-security issues fixed: - Added cfi information ... oval:org.secpod.oval:def:89050636 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match . - CVE-2009-5155: Fixed a denial of service in parse_reg_exp . Non-security issues fixed: - Does no longer compres ... oval:org.secpod.oval:def:89003322 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match . - CVE-2009-5155: Fixed a denial of service in parse_reg_exp . Non-security issues fixed: - Added cfi information ... oval:org.secpod.oval:def:500416 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not han ... oval:org.secpod.oval:def:500442 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not han ... oval:org.secpod.oval:def:500467 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not per ... oval:org.secpod.oval:def:1503370 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:120461 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:120341 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:120232 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:118498 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:111295 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:111248 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:110608 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:1600762 Unbounded stack allocation in catopen functionA stack based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.Integer overflow in hcreate and hcreate_rAn integer overflow ... oval:org.secpod.oval:def:1501997 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501806 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:502110 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:502002 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:110483 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:1200122 A buffer overflow flaw was found in the way glibc"s gethostbyname_r and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the applic ... oval:org.secpod.oval:def:1200040 A buffer overflow flaw was found in the way glibc"s gethostbyname_r and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the applic ... oval:org.secpod.oval:def:1501252 It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application enc ... oval:org.secpod.oval:def:1501261 It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents) in certain cases. A local attacker could potentially use this flaw to escalate their privileges. oval:org.secpod.oval:def:501700 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstanc ... oval:org.secpod.oval:def:501703 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for ... oval:org.secpod.oval:def:501562 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc ... oval:org.secpod.oval:def:110523 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:1500755 Updated glibc packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed sever ... oval:org.secpod.oval:def:1700798 The mq_notify function in the GNU C Library has a use-after-free. It may use the notification thread attributes object after it has been freed by the caller, leading to a denial of service or possibly unspecified other impact oval:org.secpod.oval:def:89047097 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify . - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number . oval:org.secpod.oval:def:1505311 [2.28-164.0.1] - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASI ... oval:org.secpod.oval:def:2500371 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. oval:org.secpod.oval:def:1505260 [2.28-164.0.1] - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASI ... oval:org.secpod.oval:def:115574 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:115586 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:1700118 In the GNU C Library through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function. oval:org.secpod.oval:def:1600501 A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resul ... oval:org.secpod.oval:def:1501643 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:501902 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:2500534 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. oval:org.secpod.oval:def:4500054 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. For more details about the security issue, includi ... oval:org.secpod.oval:def:1505734 [2.17-325.0.3.ksplice1] - Latest Ksplice-aware release. [2.17-325.0.3] - OraBug 33968985 Security Patches This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi oval:org.secpod.oval:def:3300455 SUSE Security Update: Security update for glibc oval:org.secpod.oval:def:119308 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:119306 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:89047552 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create Features added: - IBM Power 10 string operation improvements oval:org.secpod.oval:def:89046013 glibc was updated to fix the following issues: Security issues fixed: - CVE-2021-3999: Fixed incorrect errno in getcwd - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for unix - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create Bugs fixed: - Make endian-conversion macro ... oval:org.secpod.oval:def:1503829 Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1503623 Updated glibc packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:500874 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting ... oval:org.secpod.oval:def:105856 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:500876 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting ... oval:org.secpod.oval:def:500763 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to ... oval:org.secpod.oval:def:500766 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to ... oval:org.secpod.oval:def:1503801 Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1500160 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:202809 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo did not limit the a ... oval:org.secpod.oval:def:500851 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc"s formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections ... oval:org.secpod.oval:def:500852 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca. This co ... oval:org.secpod.oval:def:105834 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:203403 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc"s ... oval:org.secpod.oval:def:203402 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc"s ... oval:org.secpod.oval:def:203405 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc"s ... oval:org.secpod.oval:def:1500689 Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:107827 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:1500691 Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1500690 Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1600062 An off-by-one heap-based buffer overflow flaw was found in glibc"s internal __gconv_translit_find function. An attacker able to make an application call the iconv_open function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that applic ... oval:org.secpod.oval:def:501428 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way ... oval:org.secpod.oval:def:501047 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo did not limit the a ... oval:org.secpod.oval:def:1500306 Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which giv ... oval:org.secpod.oval:def:501369 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc"s ... oval:org.secpod.oval:def:1600314 Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc"s memory allocator functions . If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ... oval:org.secpod.oval:def:501139 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap- ... oval:org.secpod.oval:def:21807 The host is installed with glibc before 2.20 and is prone to an use-after-free vulnerabilities. The flaws are present in the application, which does not copy its path argument in accordance with the POSIX specification. Successful exploitation allows context-dependent attackers to trigger use-after- ... oval:org.secpod.oval:def:1600116 A directory traveral flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value could possibly use this flaw to execute arbitrary code with the privileges of that application. oval:org.secpod.oval:def:107417 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:105906 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:501114 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap- ... oval:org.secpod.oval:def:1500278 Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1701957 In librt in the GNU C Library through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix oval:org.secpod.oval:def:205355 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: getaddrinfo should reject I ... oval:org.secpod.oval:def:113356 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:114567 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:205299 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: getaddrinfo should reject I ... oval:org.secpod.oval:def:503303 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: getaddrinfo should reject I ... oval:org.secpod.oval:def:89048095 This update for glibc fixes the following issues: - CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings oval:org.secpod.oval:def:1700109 A buffer overflow has been discovered in the GNU C Library in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code. oval:org.secpod.oval:def:113118 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:89049753 This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the cop ... oval:org.secpod.oval:def:502051 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ... oval:org.secpod.oval:def:1600716 Glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap ... oval:org.secpod.oval:def:1501897 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501898 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:112499 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:113803 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:502049 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ... oval:org.secpod.oval:def:1700062 stdlib/canonicalize.c in the GNU C Library 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.The GNU C Library bef ... oval:org.secpod.oval:def:112488 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:1502255 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:113860 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:113539 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:502321 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: Buffer overflow in glob wit ... oval:org.secpod.oval:def:89050945 This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-4813: Fixed a potential use-after-free in gaih_inet Other changes: * Added GB18030-2022 charmap * Run vismain only if linker supports protected data symbol oval:org.secpod.oval:def:89050978 This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-4813: Fixed a potential use-after-free in gaih_inet Also a regression from a previous update was fixed: * elf: Align argument of __munmap to page size oval:org.secpod.oval:def:97541 [CLSA-2021:1629395067] Fixed CVEs in glibc: CVE-2021-35942, CVE-2021-33574, CVE-2021-38604 oval:org.secpod.oval:def:97557 [CLSA-2021:1632262065] Update of glibc oval:org.secpod.oval:def:97600 [CLSA-2022:1643818516] Fixed CVEs in glibc: CVE-2022-23218, CVE-2022-23219 oval:org.secpod.oval:def:97613 [CLSA-2022:1648138117] Fixed CVE-2021-3999 in glibc oval:org.secpod.oval:def:203524 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that the wordexp function would perf ... oval:org.secpod.oval:def:204282 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way ... oval:org.secpod.oval:def:1200119 An out-of-bounds read flaw was found in the way glibc"s iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. It was found that the files back end of Nam ... oval:org.secpod.oval:def:1500906 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ratin ... oval:org.secpod.oval:def:1200187 A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permi ... oval:org.secpod.oval:def:203551 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s __ ... oval:org.secpod.oval:def:203550 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s __ ... oval:org.secpod.oval:def:1500893 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE ... oval:org.secpod.oval:def:1500895 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from t ... oval:org.secpod.oval:def:1500894 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from t ... oval:org.secpod.oval:def:108466 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:108468 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:204190 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way g ... oval:org.secpod.oval:def:502158 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s ... oval:org.secpod.oval:def:203549 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s __ ... oval:org.secpod.oval:def:203531 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way g ... oval:org.secpod.oval:def:501631 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc"s getaddr ... oval:org.secpod.oval:def:501511 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way g ... oval:org.secpod.oval:def:501481 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that the wordexp function would perf ... oval:org.secpod.oval:def:501483 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way g ... oval:org.secpod.oval:def:501493 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s ... oval:org.secpod.oval:def:501492 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s ... oval:org.secpod.oval:def:1501146 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc"s getaddr ... oval:org.secpod.oval:def:203692 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc"s getaddr ... oval:org.secpod.oval:def:1500877 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1200101 An out-of-bounds read flaw was found in the way glibc"s iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp function woul ... oval:org.secpod.oval:def:1500924 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." oval:org.secpod.oval:def:1500828 Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:4501487 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: buffer overflow in ld.so le ... oval:org.secpod.oval:def:1507043 [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi < jose.marchesi at oracle.com > oval:org.secpod.oval:def:1507046 [2.28-225.0.4] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi < jose.marchesi at oracle.com > oval:org.secpod.oval:def:126244 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:126227 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:19500493 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash oval:org.secpod.oval:def:127092 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:127093 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:89048613 This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-0687: Fix allocated buffer overflow in gmon Other issues fixed: * Fix avx2 strncmp offset compare condition check * elf: Allow dlopen of filter object to work * powerpc: Fix unrecognized instruction errors with rec ... oval:org.secpod.oval:def:1504933 [2.28-151.0.1.el8_4] - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASIMD v ... oval:org.secpod.oval:def:97583 [CLSA-2021:1637583639] Fixed CVEs in glibc: CVE-2021-3326, CVE-2021-43396 oval:org.secpod.oval:def:73579 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: buffer over-read in iconv w ... oval:org.secpod.oval:def:89046907 This update for glibc fixes the following issues: Security issues fixed: - CVE-2015-5180: Fix crash with internal QTYPE in resolv - CVE-2016-10228: Rewrite iconv option parsing - CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module - CVE-2020-27618: Accept redundant shift sequences in I ... oval:org.secpod.oval:def:89048648 This update for glibc fixes the following issues: Security issues fixed: * CVE-2020-29573: x86: printf was hardened against non-normal long double values * CVE-2021-3326: Fix assertion failure in gconv ISO-2022-JP-3 module * CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module * CVE-202 ... oval:org.secpod.oval:def:1504976 [2.28-151.0.1.el8_4] - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASIMD v ... oval:org.secpod.oval:def:4501339 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: buffer over-read in iconv w ... oval:org.secpod.oval:def:2500260 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. oval:org.secpod.oval:def:1600962 A buffer overflow has been discovered in the GNU C Library in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.elf/dl-load.c in the GNU C Library 2.19 through 2.26 misha ... oval:org.secpod.oval:def:117751 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:67958 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: array overflow in backtrace ... oval:org.secpod.oval:def:117986 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:113939 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:1600880 Fragmentation attacks possible when EDNS0 is enabledThe DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.Buffer overflow in glob ... oval:org.secpod.oval:def:89000229 This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution . - CVE-2020-1751: Fixed an ... oval:org.secpod.oval:def:115085 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:502266 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: realpath buffer underflow w ... oval:org.secpod.oval:def:113932 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:89002980 This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero - Use posix_spawn on popen - Correct locking and cancellation cleanup in syslog functions - Fixed concurrent changes on nscd aware files oval:org.secpod.oval:def:1502176 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89002331 This update for glibc fixes the following issues: Security issues: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc f ... oval:org.secpod.oval:def:504751 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: array overflow in backtrace ... oval:org.secpod.oval:def:89000491 This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution . oval:org.secpod.oval:def:114546 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:204790 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: realpath buffer underflow w ... oval:org.secpod.oval:def:114099 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:205635 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: LD_PREFER_MAP_32BIT_EXEC no ... oval:org.secpod.oval:def:113077 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:1700017 Integer overflow in malloc functions:The malloc implementation in the GNU C Library , from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than request ... oval:org.secpod.oval:def:89002125 This update for glibc fixes the following issues: - A privilege escalation bug in the realpath function has been fixed. [CVE-2018-1000001, bsc#1074293] oval:org.secpod.oval:def:117696 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:200487 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. The fix for CVE-2010-3847 introduced a regression in the way the d ... oval:org.secpod.oval:def:500073 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. The fix for CVE-2010-3847 introduced a regression in the way the d ... oval:org.secpod.oval:def:500078 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically ... oval:org.secpod.oval:def:202230 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, ... oval:org.secpod.oval:def:202235 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, ... oval:org.secpod.oval:def:500719 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, ... oval:org.secpod.oval:def:500179 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. The fix for CVE-2010-3847 introduced a regression in the way the d ... oval:org.secpod.oval:def:1503453 Updated glibc packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503697 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:500737 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, ... oval:org.secpod.oval:def:201643 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. The fix for CVE-2010-3847 introduced a regression in the way the d ... oval:org.secpod.oval:def:1601347 An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with ... oval:org.secpod.oval:def:3302471 Security update for glibc oval:org.secpod.oval:def:89051598 This update for glibc fixes the following issues: Security issues fixed: * CVE-2020-29573: x86: printf was hardened against non-normal long double values * CVE-2021-3326: Fix assertion failure in gconv ISO-2022-JP-3 module * CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module * CVE-202 ... oval:org.secpod.oval:def:205836 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: buffer over-read in iconv w ... oval:org.secpod.oval:def:1504619 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89051654 This update for glibc fixes the following issues: Security issues fixed: * qsort: harden handling of degenerated / non transient compare function Other issues fixed: * getaddrinfo: translate ENOMEM to EAI_MEMORY * aarch64: correct CFI in rawmemchr oval:org.secpod.oval:def:89051795 This update for glibc fixes the following issues: * iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence |
