openSUSE-SU-2016:1527

openSUSE-SU-2016:1779

102073

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

[debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update

https://source.android.com/security/bulletin/2017-12-01

https://sourceware.org/bugzilla/show_bug.cgi?id=20112

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c

USN-3759-1

USN-3759-2

It was discovered that libtiprc, a transport-independent RPC library, could be used for a denial of service or possibly unspecified other impact by a stack-based buffer overflow due to a flood of crafted ICMP and UDP packets.

For Debian 8 'Jessie', this problem has been fixed in version 0.2.5-1+deb8u3.

We recommend that you upgrade your libtirpc packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Stack-based buffer overflow in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) allows remote servers to cause a denial     of service (crash) or possibly unspecified other impact     via a flood of crafted ICMP and UDP     packets.(CVE-2016-4429)

  - Integer overflow in the strxfrm function in the GNU C     Library (aka glibc or libc6) before 2.21 allows     context-dependent attackers to cause a denial of     service (crash) or possibly execute arbitrary code via     a long string, which triggers a stack-based buffer     overflow.(CVE-2015-8982)

  - The posix_spawn_file_actions_addopen function in glibc     before 2.20 does not copy its path argument in     accordance with the POSIX specification, which allows     context-dependent attackers to trigger use-after-free     vulnerabilities.(CVE-2014-4043)

  - res_query in libresolv in glibc before 2.25 allows     remote attackers to cause a denial of service (NULL     pointer dereference and process crash).(CVE-2015-5180)

  - A buffer overflow has been discovered in the GNU C     Library (aka glibc or libc6) in the
    __mempcpy_avx512_no_vzeroupper function when particular     conditions are met. An attacker could use this     vulnerability to cause a denial of service or     potentially execute code.(CVE-2018-11237)

  - In the GNU C Library (aka glibc or libc6) through 2.29,     proceed_next_node in posix/regexec.c has a heap-based     buffer over-read via an attempted case-insensitive     regular-expression match.(CVE-2019-9169)

  - The iconv program in the GNU C Library (aka glibc or     libc6) 2.25 and earlier, when invoked with the -c     option, enters an infinite loop when processing invalid     multi-byte input sequences, leading to a denial of     service.(CVE-2016-10228)

  - The DNS stub resolver in the GNU C Library (aka glibc     or libc6) before version 2.26, when EDNS support is     enabled, will solicit large UDP responses from name     servers, potentially simplifying off-path DNS spoofing     attacks due to IP fragmentation.(CVE-2017-12132)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Stack-based buffer overflow in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) allows remote servers to cause a denial     of service (crash) or possibly unspecified other impact     via a flood of crafted ICMP and UDP     packets.(CVE-2016-4429)

  - Integer overflow in the strxfrm function in the GNU C     Library (aka glibc or libc6) before 2.21 allows     context-dependent attackers to cause a denial of     service (crash) or possibly execute arbitrary code via     a long string, which triggers a stack-based buffer     overflow.(CVE-2015-8982)

  - The posix_spawn_file_actions_addopen function in glibc     before 2.20 does not copy its path argument in     accordance with the POSIX specification, which allows     context-dependent attackers to trigger use-after-free     vulnerabilities.(CVE-2014-4043)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - elf/dl-load.c in the GNU C Library (aka glibc or libc6)     2.19 through 2.26 mishandles RPATH and RUNPATH     containing $ORIGIN for a privileged (setuid or     AT_SECURE) program, which allows local users to gain     privileges via a Trojan horse library in the current     working directory, related to the fillin_rpath and     decompose_rpath functions. This is associated with     misinterpretion of an empty RPATH/RUNPATH token as the     './' directory. NOTE: this configuration of     RPATH/RUNPATH for a privileged program is apparently     very uncommon most likely, no such program is shipped     with any common Linux distribution(CVE-2017-16997)

  - Stack-based buffer overflow in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) allows remote servers to cause a denial     of service (crash) or possibly unspecified other impact     via a flood of crafted ICMP and UDP     packets.(CVE-2016-4429)

  - Integer overflow in the strxfrm function in the GNU C     Library (aka glibc or libc6) before 2.21 allows     context-dependent attackers to cause a denial of     service (crash) or possibly execute arbitrary code via     a long string, which triggers a stack-based buffer     overflow.(CVE-2015-8982)

  - A buffer overflow has been discovered in the GNU C     Library (aka glibc or libc6) in the
    __mempcpy_avx512_no_vzeroupper function when particular     conditions are met. An attacker could use this     vulnerability to cause a denial of service or     potentially execute code.(CVE-2018-11237)

  - The posix_spawn_file_actions_addopen function in glibc     before 2.20 does not copy its path argument in     accordance with the POSIX specification, which allows     context-dependent attackers to trigger use-after-free     vulnerabilities.(CVE-2014-4043)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the glibc package has been released.

Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4429)

It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14622)

It was discovered that libtirpc incorrectly handled certain strings.
An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-8779).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released.

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns.
An attacker could use this to cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts.
An attacker could use this to cause a denial of service.
(CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience.

Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns.
An attacker could use this to cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts.
An attacker could use this to cause a denial of service.
(CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service.
(CVE-2016-1234)

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)

Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

  - Drop old fix that could break services that start before     IPv6 is up. (bsc#931399)

  - Do not copy d_name field of struct dirent.
    (CVE-2016-1234, bsc#969727)

  - Fix memory leak in _nss_dns_gethostbyname4_r.
    (bsc#973010)

  - Relocate DSOs in dependency order, fixing a potential     crash during symbol relocation phase. (bsc#986302)

  - Fix nscd assertion failure in gc. (bsc#965699)

  - Fix stack overflow in _nss_dns_getnetbyname_r.
    (CVE-2016-3075, bsc#973164)

  - Fix getaddrinfo stack overflow in hostent conversion.
    (CVE-2016-3706, bsc#980483)

  - Do not use alloca in clntudp_call. (CVE-2016-4429,     bsc#980854)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc provides the following fixes :

  - Increase DTV_SURPLUS limit. (bsc#968787)

  - Do not copy d_name field of struct dirent.
    (CVE-2016-1234, bsc#969727)

  - Fix memory leak in _nss_dns_gethostbyname4_r.
    (bsc#973010)

  - Fix stack overflow in _nss_dns_getnetbyname_r.
    (CVE-2016-3075, bsc#973164)

  - Fix malloc performance regression from SLE 11.
    (bsc#975930)

  - Fix getaddrinfo stack overflow in hostent conversion.
    (CVE-2016-3706, bsc#980483)

  - Do not use alloca in clntudp_call. (CVE-2016-4429,     bsc#980854)

  - Remove mtrace.1, now included in the man-pages package.
    (bsc#967190)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc provides the following fixes :

  - Increase DTV_SURPLUS limit. (bsc#968787)

  - Do not copy d_name field of struct dirent.
    (CVE-2016-1234, bsc#969727)

  - Fix memory leak in _nss_dns_gethostbyname4_r.
    (bsc#973010)

  - Fix stack overflow in _nss_dns_getnetbyname_r.
    (CVE-2016-3075, bsc#973164)

  - Fix malloc performance regression from SLE 11.
    (bsc#975930)

  - Fix getaddrinfo stack overflow in hostent conversion.
    (CVE-2016-3706, bsc#980483)

  - Do not use alloca in clntudp_call (CVE-2016-4429,     bsc#980854)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This updated addresses a minor security vulnerability in the Sun RPC client (CVE-2016-4429), increases compatibility with GCC 6, and addresses a problem which caused `fork` to crash when `BIND_NOW` was used for linking shared objects.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc provides the following fixes :

  - Increase DTV_SURPLUS limit. (bsc#968787)

  - Do not copy d_name field of struct dirent.
    (CVE-2016-1234, bsc#969727)

  - Fix memory leak in _nss_dns_gethostbyname4_r.
    (bsc#973010)

  - Fix stack overflow in _nss_dns_getnetbyname_r.
    (CVE-2016-3075, bsc#973164)

  - Fix malloc performance regression from SLE 11.
    (bsc#975930)

  - Fix getaddrinfo stack overflow in hostent conversion.
    (CVE-2016-3706, bsc#980483)

  - Do not use alloca in clntudp_call. (CVE-2016-4429,     bsc#980854)

  - Remove mtrace.1, now included in the man-pages package.
    (bsc#967190)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

This update for glibc fixes the following issues :

  - glob-altdirfunc.patch: Do not copy d_name field of     struct dirent (CVE-2016-1234, boo#969727, BZ #19779)

  - nss-dns-memleak-2.patch: fix memory leak in
    _nss_dns_gethostbyname4_r (boo#973010)

  - nss-dns-getnetbyname.patch: fix stack overflow in
    _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ     #19879)

  - getaddrinfo-hostent-conv-stack-overflow.patch:
    getaddrinfo stack overflow in hostent conversion     (CVE-2016-3706, boo#980483, BZ #20010)

  - clntudp-call-alloca.patch: do not use alloca in     clntudp_call (CVE-2016-4429, boo#980854, BZ #20112)

ID	Name	Product	Family	Severity
137859	Debian DLA-2256-1 : libtirpc security update	Nessus	Debian Local Security Checks	medium
129223	EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030)	Nessus	Huawei Local Security Checks	high
126849	EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1721)	Nessus	Huawei Local Security Checks	high
126294	EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1667)	Nessus	Huawei Local Security Checks	high
121682	Photon OS 1.0: Glibc PHSA-2017-0013	Nessus	PhotonOS Local Security Checks	medium
117331	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libtirpc vulnerabilities (USN-3759-1)	Nessus	Ubuntu Local Security Checks	high
111862	Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)	Nessus	PhotonOS Local Security Checks	high
97936	Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)	Nessus	Ubuntu Local Security Checks	medium
97887	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc regression (USN-3239-2)	Nessus	Ubuntu Local Security Checks	medium
97856	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1)	Nessus	Ubuntu Local Security Checks	medium
93309	SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)	Nessus	SuSE Local Security Checks	medium
93175	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)	Nessus	SuSE Local Security Checks	medium
93173	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)	Nessus	SuSE Local Security Checks	medium
92145	Fedora 23 : glibc (2016-b2dfb591cd)	Nessus	Fedora Local Security Checks	high
92084	Fedora 24 : glibc (2016-3c5d606035)	Nessus	Fedora Local Security Checks	high
91987	openSUSE Security Update : glibc (openSUSE-2016-852)	Nessus	SuSE Local Security Checks	high
91534	openSUSE Security Update : glibc (openSUSE-2016-699)	Nessus	SuSE Local Security Checks	high

CVE-2016-4429

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins