openSUSE-SU-2016:1527

openSUSE-SU-2016:1779

102073

88440

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

https://source.android.com/security/bulletin/2017-12-01

https://sourceware.org/bugzilla/show_bug.cgi?id=20010

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - GNU Libc current is affected by: Re-mapping current     loaded library with malicious ELF file. The impact is:
    In worst case attacker may evaluate privileges. The     component is: libld. The attack vector is: Attacker     sends 2 ELF files to victim and asks to run ldd on it.
    ldd execute code. NOTE: Upstream comments indicate     'this is being treated as a non-security bug and no     real threat.'(CVE-2019-1010023)

  - Stack-based buffer overflow in the getaddrinfo function     in sysdeps/posix/getaddrinfo.c in the GNU C Library     (aka glibc or libc6) allows remote attackers to cause a     denial of service (crash) via vectors involving hostent     conversion. NOTE: this vulnerability exists because of     an incomplete fix for CVE-2013-4458.(CVE-2016-3706)

  - The iconv feature in the GNU C Library (aka glibc or     libc6) through 2.32, when processing invalid multi-byte     input sequences in the EUC-KR encoding, may have a     buffer over-read.(CVE-2019-25013)

  - The iconv function in the GNU C Library (aka glibc or     libc6) 2.32 and earlier, when processing invalid input     sequences in the ISO-2022-JP-3 encoding, fails an     assertion in the code path and aborts the program,     potentially resulting in a denial of     service.(CVE-2021-3326)

  - The iconv function in the GNU C Library (aka glibc or     libc6) 2.32 and earlier, when processing invalid     multi-byte input sequences in IBM1364, IBM1371,     IBM1388, IBM1390, and IBM1399 encodings, fails to     advance the input state, which could lead to an     infinite loop in applications, resulting in a denial of     service, a different vulnerability from     CVE-2016-10228.(CVE-2020-27618)

  - The makecontext function in the GNU C Library (aka     glibc or libc6) before 2.25 creates execution contexts     incompatible with the unwinder on ARM EABI (32-bit)     platforms, which might allow context-dependent     attackers to cause a denial of service (hang), as     demonstrated by applications compiled using gccgo,     related to backtrace generation.(CVE-2016-6323)

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The glibc package contains standard libraries which are     used by multiple programs on the system. In order to     save disk space and memory, as well as to make     upgrading easier, common system code is kept in one     place and shared between programs. This particular     package contains the most important sets of shared     libraries: the standard C library and the standard math     library. Without these two libraries, a Linux system     will not function.Security Fix(es):Stack-based buffer     overflow in the getaddrinfo function in     sysdeps/posix/getaddrinfo.c in the GNU C Library (aka     glibc or libc6) allows remote attackers to cause a     denial of service (crash) via vectors involving hostent     conversion. NOTE: this vulnerability exists because of     an incomplete fix for CVE-2013-4458.(CVE-2016-3706)In     the GNU C Library (aka glibc or libc6) through 2.29,     check_dst_limits_calc_pos_1 in posix/regexec.c has     Uncontrolled Recursion, as demonstrated by     '(|)(\\1\\1)*' in grep, a different issue than     CVE-2018-20796. NOTE: the software maintainer disputes     that this is a vulnerability because the behavior     occurs only with a crafted pattern.(CVE-2019-9192)In     the GNU C Library (aka glibc or libc6) through 2.29,     check_dst_limits_calc_pos_1 in posix/regexec.c has     Uncontrolled Recursion, as demonstrated by     '(\227|)(\\1\\1|t1|\\\2537)+' in     grep.(CVE-2018-20796)GNU Libc current is affected by:
    Re-mapping current loaded library with malicious ELF     file. The impact is: In worst case attacker may     evaluate privileges. The component is: libld. The     attack vector is: Attacker sends 2 ELF files to victim     and asks to run ldd on it. ldd execute     code.(CVE-2019-1010023)A use-after-free vulnerability     introduced in glibc upstream version 2.14 was found in     the way the tilde expansion was carried out. Directory     paths containing an initial tilde followed by a valid     username were affected by this issue. A local attacker     could exploit this flaw by creating a specially crafted     path that, when processed by the glob function, would     potentially lead to arbitrary code execution. This was     fixed in version 2.32.(CVE-2020-1752)The GNU C Library     (aka glibc or libc6) before 2.32 could overflow an     on-stack buffer during range reduction if an input to     an 80-bit long double function contains a non-canonical     bit pattern, a seen when passing a     0x5d414141414141410000 value to sinl on x86 targets.
    This is related to     sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.(CVE-2020-10029)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities:

  - The GNU C Library (aka glibc or libc6) before 2.27     contains an off-by-one error leading to a heap-based     buffer overflow in the glob function in glob.c, related     to the processing of home directories using the ~     operator followed by a long string. (CVE-2017-15670)

  - The DNS stub resolver in the GNU C Library (aka glibc or     libc6) before version 2.26, when EDNS support is     enabled, will solicit large UDP responses from name     servers, potentially simplifying off-path DNS spoofing     attacks due to IP fragmentation. (CVE-2017-12132)

  - The glob function in glob.c in the GNU C Library (aka     glibc or libc6) before 2.27 contains a buffer overflow     during unescaping of user names with the ~ operator.
    (CVE-2017-15804)

  - res_query in libresolv in glibc before 2.25 allows     remote attackers to cause a denial of service (NULL     pointer dereference and process crash). (CVE-2015-5180)

  - The nss_dns implementation of getnetbyname in GNU C     Library (aka glibc) before 2.21, when the DNS backend in     the Name Service Switch configuration is enabled, allows     remote attackers to cause a denial of service (infinite     loop) by sending a positive answer while a network name     is being process. (CVE-2014-9402)

  - In glibc 2.26 and earlier there is confusion in the     usage of getcwd() by realpath() which can be used to     write before the destination buffer leading to a buffer     underflow and potential code execution.
    (CVE-2018-1000001)

  - Stack-based buffer overflow in the getaddrinfo function     in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka     glibc or libc6) allows remote attackers to cause a     denial of service (crash) via vectors involving hostent     conversion. NOTE: this vulnerability exists because of     an incomplete fix for CVE-2013-4458. (CVE-2016-3706)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - stdlib/canonicalize.c in the GNU C Library (aka glibc     or libc6) 2.27 and earlier, when processing very long     pathname arguments to the realpath function, could     encounter an integer overflow on 32-bit architectures,     leading to a stack-based buffer overflow and,     potentially, arbitrary code execution.(CVE-2018-11236)

  - An integer overflow vulnerability was found in     hcreate() and hcreate_r() functions which could result     in an out-of-bounds memory access. This could lead to     application crash or, potentially, arbitrary code     execution.(CVE-2015-8778)

  - A stack-based buffer overflow was found in the way the     libresolv library performed dual A/AAAA DNS queries. A     remote attacker could create a specially crafted DNS     response which could cause libresolv to crash or,     potentially, execute code with the permissions of the     user running the library. Note: this issue is only     exposed when libresolv is called from the nss_dns NSS     service module.(CVE-2015-7547)

  - A flaw was found in the regular expression matching     routines that process multibyte character input. If an     application utilized the glibc regular expression     matching mechanism, an attacker could provide     specially-crafted input that, when processed, would     cause the application to crash.(CVE-2013-0242)

  - A flaw was found in the way memory was being allocated     on the stack for user space binaries. If heap (or     different memory region) and stack memory regions were     adjacent to each other, an attacker could use this flaw     to jump over the stack guard gap, cause controlled     memory corruption on process stack or the adjacent     memory region, and thus increase their privileges on     the system. This is glibc-side mitigation which blocks     processing of LD_LIBRARY_PATH for programs running in     secure-execution mode and reduces the number of     allocations performed by the processing of LD_AUDIT,     LD_PRELOAD, and LD_HWCAP_MASK, making successful     exploitation of this issue more     difficult.(CVE-2017-1000366)

  - The DNS stub resolver in the GNU C Library (aka glibc     or libc6) before version 2.26, when EDNS support is     enabled, will solicit large UDP responses from name     servers, potentially simplifying off-path DNS spoofing     attacks due to IP fragmentation.(CVE-2017-12132)

  - It was found that the files back end of Name Service     Switch (NSS) did not isolate iteration over an entire     database from key-based look-up API calls. An     application performing look-ups on a database while     iterating over it could enter an infinite loop, leading     to a denial of service.(CVE-2014-8121)

  - Stack-based buffer overflow in the getaddrinfo function     in sysdeps/posix/getaddrinfo.c in the GNU C Library     (aka glibc or libc6) allows remote attackers to cause a     denial of service (crash) via vectors involving hostent     conversion. NOTE: this vulnerability exists because of     an incomplete fix for CVE-2013-4458.(CVE-2016-3706)

  - In glibc 2.26 and earlier there is confusion in the     usage of getcwd() by realpath() which can be used to     write before the destination buffer leading to a buffer     underflow and potential code     execution.(CVE-2018-1000001)

  - Stack-based buffer overflow in string/strcoll_l.c in     the GNU C Library (aka glibc or libc6) 2.17 and earlier     allows context-dependent attackers to cause a denial of     service (crash) or possibly execute arbitrary code via     a long string that triggers a malloc failure and use of     the alloca function.(CVE-2012-4424)

  - It was found that the dynamic loader did not sanitize     the LD_POINTER_GUARD environment variable. An attacker     could use this flaw to bypass the pointer guarding     protection on set-user-ID or set-group-ID programs to     execute arbitrary code with the permissions of the user     running the application.(CVE-2015-8777)

  - The glob function in glob.c in the GNU C Library (aka     glibc or libc6) before 2.27 contains a buffer overflow     during unescaping of user names with the ~     operator.(CVE-2017-15804)

  - res_query in libresolv in glibc before 2.25 allows     remote attackers to cause a denial of service (NULL     pointer dereference and process crash).(CVE-2015-5180)

  - pt_chown in GNU C Library (aka glibc or libc6) before     2.18 does not properly check permissions for tty files,     which allows local users to change the permission on     the files and obtain access to arbitrary     pseudo-terminals by leveraging a FUSE file     system.(CVE-2013-2207)

  - A stack overflow flaw was found in glibc's swscanf()     function. An attacker able to make an application call     the swscanf() function could use this flaw to crash     that application or, potentially, execute arbitrary     code with the permissions of the user running the     application.(CVE-2015-1473)

  - It was found that getaddrinfo() did not limit the     amount of stack memory used during name resolution. An     attacker able to make an application resolve an     attacker-controlled hostname or IP address could     possibly cause the application to exhaust all stack     memory and crash.(CVE-2013-4458)

  - A heap-based buffer overflow was found in glibc's
    __nss_hostname_digits_dots() function, which is used by     the gethostbyname() and gethostbyname2() glibc function     calls. A remote attacker able to make an application     call either of these functions could use this flaw to     execute arbitrary code with the permissions of the user     running the application.(CVE-2015-0235)

  - Multiple integer overflow flaws, leading to heap-based     buffer overflows, were found in glibc's memory     allocator functions (pvalloc, valloc, and memalign). If     an application used such a function, it could cause the     application to crash or, potentially, execute arbitrary     code with the privileges of the user running the     application.(CVE-2013-4332)

  - An integer overflow in the implementation of the     posix_memalign in memalign functions in the GNU C     Library (aka glibc or libc6) 2.26 and earlier could     cause these functions to return a pointer to a heap     area that is too small, potentially leading to heap     corruption.(CVE-2018-6485)

  - A stack based buffer overflow vulnerability was found     in the catopen() function. An excessively long string     passed to the function could cause it to crash or,     potentially, execute arbitrary code.(CVE-2015-8779)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the glibc package has been released.

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706)

An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released.

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns.
An attacker could use this to cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts.
An attacker could use this to cause a denial of service.
(CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience.

Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns.
An attacker could use this to cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts.
An attacker could use this to cause a denial of service.
(CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service.
(CVE-2016-1234)

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

  - Drop old fix that could break services that start before     IPv6 is up. (bsc#931399)

  - Do not copy d_name field of struct dirent.
    (CVE-2016-1234, bsc#969727)

  - Fix memory leak in _nss_dns_gethostbyname4_r.
    (bsc#973010)

  - Relocate DSOs in dependency order, fixing a potential     crash during symbol relocation phase. (bsc#986302)

  - Fix nscd assertion failure in gc. (bsc#965699)

  - Fix stack overflow in _nss_dns_getnetbyname_r.
    (CVE-2016-3075, bsc#973164)

  - Fix getaddrinfo stack overflow in hostent conversion.
    (CVE-2016-3706, bsc#980483)

  - Do not use alloca in clntudp_call. (CVE-2016-4429,     bsc#980854)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc provides the following fixes :

  - Increase DTV_SURPLUS limit. (bsc#968787)

  - Do not copy d_name field of struct dirent.
    (CVE-2016-1234, bsc#969727)

  - Fix memory leak in _nss_dns_gethostbyname4_r.
    (bsc#973010)

  - Fix stack overflow in _nss_dns_getnetbyname_r.
    (CVE-2016-3075, bsc#973164)

  - Fix malloc performance regression from SLE 11.
    (bsc#975930)

  - Fix getaddrinfo stack overflow in hostent conversion.
    (CVE-2016-3706, bsc#980483)

  - Do not use alloca in clntudp_call. (CVE-2016-4429,     bsc#980854)

  - Remove mtrace.1, now included in the man-pages package.
    (bsc#967190)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc provides the following fixes :

  - Increase DTV_SURPLUS limit. (bsc#968787)

  - Do not copy d_name field of struct dirent.
    (CVE-2016-1234, bsc#969727)

  - Fix memory leak in _nss_dns_gethostbyname4_r.
    (bsc#973010)

  - Fix stack overflow in _nss_dns_getnetbyname_r.
    (CVE-2016-3075, bsc#973164)

  - Fix malloc performance regression from SLE 11.
    (bsc#975930)

  - Fix getaddrinfo stack overflow in hostent conversion.
    (CVE-2016-3706, bsc#980483)

  - Do not use alloca in clntudp_call (CVE-2016-4429,     bsc#980854)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update contains minor security fixes (for CVE-2016-3075, CVE-2016-3706, and CVE-2016-1234) and collects fixes for bugs encountered by Fedora users.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update addresses a minor security bug (CVE-2016-3706) and works around a bug in Address Sanitizer (ASAN) which would cause ASAN-enabled binaries to fail after the update to glibc-2.22-16.fc23 (Fedora#1335011). Locale updates are included as well.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc provides the following fixes :

  - Increase DTV_SURPLUS limit. (bsc#968787)

  - Do not copy d_name field of struct dirent.
    (CVE-2016-1234, bsc#969727)

  - Fix memory leak in _nss_dns_gethostbyname4_r.
    (bsc#973010)

  - Fix stack overflow in _nss_dns_getnetbyname_r.
    (CVE-2016-3075, bsc#973164)

  - Fix malloc performance regression from SLE 11.
    (bsc#975930)

  - Fix getaddrinfo stack overflow in hostent conversion.
    (CVE-2016-3706, bsc#980483)

  - Do not use alloca in clntudp_call. (CVE-2016-4429,     bsc#980854)

  - Remove mtrace.1, now included in the man-pages package.
    (bsc#967190)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

This update for glibc fixes the following issues :

  - glob-altdirfunc.patch: Do not copy d_name field of     struct dirent (CVE-2016-1234, boo#969727, BZ #19779)

  - nss-dns-memleak-2.patch: fix memory leak in
    _nss_dns_gethostbyname4_r (boo#973010)

  - nss-dns-getnetbyname.patch: fix stack overflow in
    _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ     #19879)

  - getaddrinfo-hostent-conv-stack-overflow.patch:
    getaddrinfo stack overflow in hostent conversion     (CVE-2016-3706, boo#980483, BZ #20010)

  - clntudp-call-alloca.patch: do not use alloca in     clntudp_call (CVE-2016-4429, boo#980854, BZ #20112)

Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc :

CVE-2016-1234

Alexander Cherepanov discovered that the glibc's glob implementation suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name.

CVE-2016-3075

The getnetbyname implementation in nss_dns was susceptible to a stack overflow and a crash if it was invoked on a very long name.

CVE-2016-3706

Michael Petlan reported that getaddrinfo copied large amounts of address data to the stack, possibly leading to a stack overflow. This complements the fix for CVE-2013-4458.

For Debian 7 'Wheezy', these problems have been fixed in version 2.13-38+deb7u11.

We recommend you to upgrade your eglibc packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
149140	EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790)	Nessus	Huawei Local Security Checks	high
137509	EulerOS 2.0 SP2 : glibc (EulerOS-SA-2020-1667)	Nessus	Huawei Local Security Checks	high
127183	NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024)	Nessus	NewStart CGSL Local Security Checks	critical
125004	EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)	Nessus	Huawei Local Security Checks	high
121682	Photon OS 1.0: Glibc PHSA-2017-0013	Nessus	PhotonOS Local Security Checks	high
119732	F5 Networks BIG-IP : glibc vulnerability (K06493172)	Nessus	F5 Networks Local Security Checks	high
111862	Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)	Nessus	PhotonOS Local Security Checks	critical
97936	Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)	Nessus	Ubuntu Local Security Checks	high
97887	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc regression (USN-3239-2)	Nessus	Ubuntu Local Security Checks	high
97856	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1)	Nessus	Ubuntu Local Security Checks	high
93309	SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)	Nessus	SuSE Local Security Checks	high
93175	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)	Nessus	SuSE Local Security Checks	high
93173	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)	Nessus	SuSE Local Security Checks	high
92146	Fedora 24 : glibc (2016-b321728d74)	Nessus	Fedora Local Security Checks	high
92144	Fedora 23 : glibc (2016-b0e67c88b5)	Nessus	Fedora Local Security Checks	high
91987	openSUSE Security Update : glibc (openSUSE-2016-852)	Nessus	SuSE Local Security Checks	critical
91534	openSUSE Security Update : glibc (openSUSE-2016-699)	Nessus	SuSE Local Security Checks	high
91361	Debian DLA-494-1 : eglibc security update	Nessus	Debian Local Security Checks	high

CVE-2016-3706

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

critical

high

high

high

critical

high

high

high

high

high

high

high

high

critical

high

high