Re: [opensuse] Now what? Glibc bug, vulnerability
Looks like the patch for this is out for SLE11 and 12 now, I would
assume that oS isn't far behind:


Patch: slessp3-glibc-12406    Kind: security    Version: 1

This update for glibc fixes the following issues:
- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)
- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)
- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)
- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)
- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)
- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)

The following non-security bugs were fixed:
- bsc#930721: Accept leading and trailing spaces in getdate input string
- bsc#942317: Recognize power8 platform
- bsc#950944: Always enable pointer guard
- bsc#956988: Fix deadlock in __dl_iterate_phdr

References:
962737 (bugzilla): VUL-1: CVE-2015-8778: glibc: hcreate((size_t)-1) should fail with ENOMEM
962736 (bugzilla): VUL-1: CVE-2015-8776: glibc: Passing out of range data to strftime() causes a segfault
961721 (bugzilla): VUL-0: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
962738 (bugzilla): VUL-1: CVE-2014-9761: glibc: nan function unbounded stack allocation
942317 (bugzilla): SLES11 SP4 on Power8 uses unoptimized glibc variant -- regression from SLES11 SP3 (found by tests of SAP HANA on POWER)
950944 (bugzilla): VUL-1: CVE-2015-8777: glibc: pointer guarding weakness
956988 (bugzilla): Partner-L3: SLES 11 SP4: deadlock in __dl_iterate_phdr caused by 'dl_load_lock'
962739 (bugzilla): VUL-1: CVE-2015-8779: glibc: catopen() Multiple unbounded stack allocations
930721 (bugzilla): LSB: getdate does not accept leading and trailing whitespaces
CVE-2015-8777 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777
CVE-2015-8779 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779
CVE-2015-8778 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8778
CVE-2015-8776 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8776
CVE-2015-7547 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
CVE-2014-9761 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9761



Patch: SUSE-SLE-SERVER-12-2016-272    Kind: security    Version: 1

This update for glibc fixes the following security issues:
- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafte
- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding prote
- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentia
- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes o
- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to cras
- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the c

The following non-security bugs were fixed:
- bsc#955647: Resource leak in resolver
- bsc#956716: Don't do lock elision on an error checking mutex
- bsc#958315: Reinitialize dl_load_write_lock on fork

References:
961721 (bugzilla): VUL-0: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
962737 (bugzilla): VUL-1: CVE-2015-8778: glibc: hcreate((size_t)-1) should fail with ENOMEM
962736 (bugzilla): VUL-1: CVE-2015-8776: glibc: Passing out of range data to strftime() causes a segfault
956716 (bugzilla): Partner-L3: Issue with lock elision and 3rd party software
962738 (bugzilla): VUL-1: CVE-2014-9761: glibc: nan function unbounded stack allocation
950944 (bugzilla): VUL-1: glibc: pointer guarding weakness
962739 (bugzilla): VUL-1: CVE-2015-8779: glibc: catopen() Multiple unbounded stack allocations
958315 (bugzilla): dl_load_write_lock isn't reinitialised during fork
955647 (bugzilla): Resource leak in resolver
CVE-2014-9761 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9761
CVE-2015-8779 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779
CVE-2015-8778 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8778
CVE-2015-7547 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
CVE-2015-8777 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777
CVE-2015-8776 (cve): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8776


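Added example, not part of the original mail or of any SUSE tooling: a small shell check that reports which of the six CVE IDs listed in the two patch descriptions are not mentioned in a glibc package changelog. The function names and the sample changelog are constructed for illustration; on a live system the input would come from `rpm -q --changelog glibc`.

```shell
#!/bin/sh
# CVE IDs copied from the patch descriptions in the mail above.
GLIBC_CVES="CVE-2015-7547 CVE-2015-8777 CVE-2015-8776 CVE-2015-8778 CVE-2014-9761 CVE-2015-8779"

# missing_cves (hypothetical helper): read an RPM changelog on stdin and
# print, one per line, every CVE ID from GLIBC_CVES it does not mention.
missing_cves() {
    changelog=$(cat)
    for cve in $GLIBC_CVES; do
        # -F: fixed string, -w: whole word, -q: exit status only
        printf '%s\n' "$changelog" | grep -qFw -- "$cve" || printf '%s\n' "$cve"
    done
}

# Constructed sample changelog (not real package data): it mentions only
# two of the six CVEs, as a partially patched package might.
sample_changelog() {
cat <<'EOF'
* Mon Feb 15 2016 packager@example.com
- Fix getaddrinfo stack-based buffer overflow
  (CVE-2015-7547, bsc#961721)
- Range-check time values in strftime (CVE-2015-8776, bsc#962736)
EOF
}

# Demo on the constructed input; prints the four CVE IDs not covered.
# Live use:  rpm -q --changelog glibc | missing_cves
sample_changelog | missing_cves
```

Empty output means the changelog mentions every listed CVE. Processes started before the update keep the old libc mapped until they are restarted; `zypper ps` lists them.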
