SUSE-SU-2016:0471-1 -- Suse glibcID: oval:org.secpod.oval:def:400783 | Date: (C)2016-11-22 (M)2023-02-20 |
Class: PATCH | Family: unix |
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution - CVE-2014-9761: A stack overflow could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. - CVE-2015-8779: A stack overflow in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. The following non-security bugs were fixed: - bsc#955647: Resource leak in resolver - bsc#956716: Don"t do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork
Platform: |
SUSE Linux Enterprise Server 12 SP1 |
SUSE Linux Enterprise Desktop 12 SP1 |