107160

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142

https://kc.mcafee.com/corporate/index?page=content&id=SB10278

GLSA-202006-04

https://security.netapp.com/advisory/ntap-20190315-0002/

https://sourceware.org/bugzilla/show_bug.cgi?id=24114

https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9

https://support.f5.com/csp/article/K54823184

USN-4416-1

Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133) It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269) It was discovered that the GNU C Library incorrectly handled certain pathname operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236) It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237) It was discovered that the GNU C Library incorrectly handled certain hostname loookups. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-19591) Jakub Wilk discovered that the GNU C Library incorrectly handled certain memalign functions. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485) It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126) It was discovered that the GNU C Library incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2019-9169) It was discovered that the GNU C Library incorrectly handled certain bit patterns. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029) It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1751) It was discovered that the GNU C Library incorrectly handled tilde expansion. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202006-04 (glibc: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in glibc. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Stack-based buffer overflow in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) allows remote servers to cause a denial     of service (crash) or possibly unspecified other impact     via a flood of crafted ICMP and UDP     packets.(CVE-2016-4429)

  - Integer overflow in the strxfrm function in the GNU C     Library (aka glibc or libc6) before 2.21 allows     context-dependent attackers to cause a denial of     service (crash) or possibly execute arbitrary code via     a long string, which triggers a stack-based buffer     overflow.(CVE-2015-8982)

  - The posix_spawn_file_actions_addopen function in glibc     before 2.20 does not copy its path argument in     accordance with the POSIX specification, which allows     context-dependent attackers to trigger use-after-free     vulnerabilities.(CVE-2014-4043)

  - res_query in libresolv in glibc before 2.25 allows     remote attackers to cause a denial of service (NULL     pointer dereference and process crash).(CVE-2015-5180)

  - A buffer overflow has been discovered in the GNU C     Library (aka glibc or libc6) in the
    __mempcpy_avx512_no_vzeroupper function when particular     conditions are met. An attacker could use this     vulnerability to cause a denial of service or     potentially execute code.(CVE-2018-11237)

  - In the GNU C Library (aka glibc or libc6) through 2.29,     proceed_next_node in posix/regexec.c has a heap-based     buffer over-read via an attempted case-insensitive     regular-expression match.(CVE-2019-9169)

  - The iconv program in the GNU C Library (aka glibc or     libc6) 2.25 and earlier, when invoked with the -c     option, enters an infinite loop when processing invalid     multi-byte input sequences, leading to a denial of     service.(CVE-2016-10228)

  - The DNS stub resolver in the GNU C Library (aka glibc     or libc6) before version 2.26, when EDNS support is     enabled, will solicit large UDP responses from name     servers, potentially simplifying off-path DNS spoofing     attacks due to IP fragmentation.(CVE-2017-12132)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

Security issues fixed :

CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).

CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

Non-security issues fixed: Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

Security issues fixed :

  - CVE-2019-9169: Fixed a heap-based buffer over-read via     an attempted case-insensitive regular-expression match     (bsc#1127308).

  - CVE-2009-5155: Fixed a denial of service in     parse_reg_exp() (bsc#1127223).

Non-security issues fixed :

  - Does no longer compress debug sections in crt*.o files     (bsc#1123710)

  - Fixes a concurrency problem in ldconfig (bsc#1117993)

  - Fixes a race condition in pthread_mutex_lock while     promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

This update was imported from the SUSE:SLE-15:Update update project.

This update for glibc fixes the following issues :

Security issues fixed :

CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).

CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

Non-security issues fixed: Does no longer compress debug sections in crt*.o files (bsc#1123710)

Fixes a concurrency problem in ldconfig (bsc#1117993)

Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

Security issue fixed :

CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - It was discovered that the nss_files backend for the     Name Service Switch in glibc would return incorrect     data to applications or corrupt the heap (depending on     adjacent heap contents). A local attacker could     potentially use this flaw to execute arbitrary code on     the system.(CVE-2015-5277)

  - A directory traveral flaw was found in the way glibc     loaded locale files. An attacker able to make an     application use a specially crafted locale name value     (for example, specified in an LC_* environment     variable) could possibly use this flaw to execute     arbitrary code with the privileges of that     application.(CVE-2014-0475)

  - It was found that out-of-range time values passed to     the strftime() function could result in an     out-of-bounds memory access. This could lead to     application crash or, potentially, information     disclosure.(CVE-2015-8776)

  - The GNU C Library (aka glibc or libc6) before 2.27     contains an off-by-one error leading to a heap-based     buffer overflow in the glob function in glob.c, related     to the processing of home directories using the ~     operator followed by a long string.(CVE-2017-15670)

  - The PTR_MANGLE implementation in the GNU C Library (aka     glibc or libc6) 2.4, 2.17, and earlier, and Embedded     GLIBC (EGLIBC) does not initialize the random value for     the pointer guard, which makes it easier for     context-dependent attackers to control execution flow     by leveraging a buffer-overflow vulnerability in an     application and using the known zero value pointer     guard to calculate a pointer address.(CVE-2013-4788)

  - An out-of-bounds read flaw was found in the way glibc's     iconv() function converted certain encoded data to     UTF-8. An attacker able to make an application call the     iconv() function with a specially crafted argument     could use this flaw to crash that     application.(CVE-2014-6040)

  - A stack overflow vulnerability was found in
    _nss_dns_getnetbyname_r. On systems with nsswitch     configured to include ''networks: dns'' with a     privileged or network-facing service that would attempt     to resolve user-provided network names, an attacker     could provide an excessively long network name,     resulting in stack corruption and code     execution.(CVE-2016-3075)

  - Integer overflow in string/strcoll_l.c in the GNU C     Library (aka glibc or libc6) 2.17 and earlier allows     context-dependent attackers to cause a denial of     service (crash) or possibly execute arbitrary code via     a long string, which triggers a heap-based buffer     overflow.(CVE-2012-4412)

  - A heap-based buffer overflow flaw was found in glibc's     swscanf() function. An attacker able to make an     application call the swscanf() function could use this     flaw to crash that application or, potentially, execute     arbitrary code with the permissions of the user running     the application.(CVE-2015-1472)

  - It was found that getaddrinfo() did not limit the     amount of stack memory used during name resolution. An     attacker able to make an application resolve an     attacker-controlled hostname or IP address could     possibly cause the application to exhaust all stack     memory and crash.(CVE-2013-1914)

  - A stack overflow vulnerability was found in nan*     functions that could cause applications, which process     long strings with the nan function, to crash or,     potentially, execute arbitrary code.(CVE-2014-9761)

  - An out-of-bounds write flaw was found in the way the     glibc's readdir_r() function handled file system     entries longer than the NAME_MAX character constant. A     remote attacker could provide a specially crafted NTFS     or CIFS file system that, when processed by an     application using readdir_r(), would cause that     application to crash or, potentially, allow the     attacker to execute arbitrary code with the privileges     of the user running the application.(CVE-2013-4237)

  - It was discovered that, under certain circumstances,     glibc's getaddrinfo() function would send DNS queries     to random file descriptors. An attacker could     potentially use this flaw to send DNS queries to     unintended recipients, resulting in information     disclosure or data loss due to the application     encountering corrupted data.(CVE-2013-7423)

  - A buffer overflow flaw was found in the way glibc's     gethostbyname_r() and other related functions computed     the size of a buffer when passed a misaligned buffer as     input. An attacker able to make an application call any     of these functions with a misaligned buffer could use     this flaw to crash the application or, potentially,     execute arbitrary code with the permissions of the user     running the application.(CVE-2015-1781)

  - The nss_dns implementation of getnetbyname in GNU C     Library (aka glibc) before 2.21, when the DNS backend     in the Name Service Switch configuration is enabled,     allows remote attackers to cause a denial of service     (infinite loop) by sending a positive answer while a     network name is being process.(CVE-2014-9402)

  - In the GNU C Library (aka glibc or libc6) through 2.29,     proceed_next_node in posix/regexec.c has a heap-based     buffer over-read via an attempted case-insensitive     regular-expression match.(CVE-2019-9169)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

Security issues fixed :

CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114)

CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018)

CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior (bsc#1127223, BZ #18986)

Non-security issues fixed: Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#1131994, fate#322271)

Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093)

Added cfi information for start routines in order to stop unwinding (bsc#1128574)

ja_JP locale: Add entry for the new Japanese era (bsc#1100396, fate#325570, BZ #22964)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - In the GNU C Library (aka glibc or libc6) through 2.29,     proceed_next_node in posix/regexec.c has a heap-based     buffer over-read via an attempted case-insensitive     regular-expression match.(CVE-2019-9169)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In the GNU C Library (aka glibc or libc6) before 2.28,     parse_reg_exp in posix/regcomp.c misparses     alternatives, which allows attackers to cause a denial     of service (assertion failure and application exit) or     trigger an incorrect result by attempting a     regular-expression match.(CVE-2009-5155)

  - In the GNU C Library (aka glibc or libc6) through 2.29,     proceed_next_node in posix/regexec.c has a heap-based     buffer over-read via an attempted case-insensitive     regular-expression match.(CVE-2019-9169)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
138166	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : GNU C Library vulnerabilities (USN-4416-1)	Nessus	Ubuntu Local Security Checks	high
137441	GLSA-202006-04 : glibc: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
129223	EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030)	Nessus	Huawei Local Security Checks	high
128018	SUSE SLES12 Security Update : glibc (SUSE-SU-2019:1958-2)	Nessus	SuSE Local Security Checks	high
127035	openSUSE Security Update : glibc (openSUSE-2019-1798)	Nessus	SuSE Local Security Checks	high
126986	SUSE SLES12 Security Update : glibc (SUSE-SU-2019:1958-1)	Nessus	SuSE Local Security Checks	high
126812	SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2019:1877-1)	Nessus	SuSE Local Security Checks	high
125984	SUSE SLES11 Security Update : glibc (SUSE-SU-2019:14084-1)	Nessus	SuSE Local Security Checks	high
125005	EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)	Nessus	Huawei Local Security Checks	high
124451	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2019:1102-1)	Nessus	SuSE Local Security Checks	high
123728	EulerOS Virtualization 2.5.3 : glibc (EulerOS-SA-2019-1260)	Nessus	Huawei Local Security Checks	high
123609	EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1135)	Nessus	Huawei Local Security Checks	high
123585	EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1111)	Nessus	Huawei Local Security Checks	high

CVE-2019-9169

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins