[Forgot Password]
Login  Register Subscribe

24436

 
 

131731

 
 

114846

 
 

909

 
 

89370

 
 

140

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:0473-1 -- Suse glibc

ID: oval:org.secpod.oval:def:400632Date: (C)2016-12-27   (M)2018-06-17
Class: PATCHFamily: unix




This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution - CVE-2014-9761: A stack overflow could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. - CVE-2015-8779: A stack overflow in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. The following non-security bugs were fixed: - bsc#955647: Resource leak in resolver - bsc#956716: Don"t do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork

Platform:
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
Product:
glibc
Reference:
SUSE-SU-2016:0473-1
CVE-2014-9761
CVE-2015-7547
CVE-2015-8776
CVE-2015-8777
CVE-2015-8778
CVE-2015-8779
CVE    6
CVE-2014-9761
CVE-2015-8778
CVE-2015-8779
CVE-2015-8776
...
CPE    10
cpe:/o:suse:suse_linux_enterprise_server:12
cpe:/o:suse:suse_linux_enterprise_desktop:12
cpe:/o:novell:opensuse:13.2
cpe:/a:gnu:glibc:2.22
...

© SecPod Technologies