SUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This collective update for the GNU C library (glibc) provides the
following fixes and enhancements :

Security issues fixed :

- Fix stack overflow in getaddrinfo with many results.
(bnc#813121, CVE-2013-1914)

- Fixed another stack overflow in getaddrinfo with many
results (bnc#828637)

- Fix buffer overflow in glob. (bnc#691365)
(CVE-2010-4756)

- Fix array overflow in floating point parser [bnc#775690]
(CVE-2012-3480)

- Fix strtod integer/buffer overflows [bnc#775690]
(CVE-2012-3480) Make addmntent return errors also for
cached streams. [bnc #676178, CVE-2011-1089]

- Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406]

- Add vfprintf-nargs.diff for possible format string
overflow. [bnc #747768, CVE-2012-0864]

- Check values from file header in __tzfile_read. [bnc
#735850, CVE-2009-5029]

Also several bugs were fixed :

- Fix locking in _IO_cleanup. (bnc#796982)

- Fix memory leak in execve. (bnc#805899) Fix nscd
timestamps in logging (bnc#783196)

- Fix perl script error message (bnc#774467)

- Fall back to localhost if no nameserver defined
(bnc#818630)

- Fix incomplete results from nscd. [bnc #753756]

- Fix a deadlock in dlsym in case the symbol isn't found,
for multithreaded programs. [bnc #760216]

- Fix problem with TLS and dlopen. [#732110]

- Backported regex fix for skipping of valid EUC-JP
matches [bnc#743689]

- Fixed false regex match on incomplete chars in EUC-JP
[bnc#743689]

- Add glibc-pmap-timeout.diff in order to fix useless
connection attempts to NFS servers. [bnc #661460]

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?1c6953c2
http://support.novell.com/security/cve/CVE-2009-5029.html
http://support.novell.com/security/cve/CVE-2010-4756.html
http://support.novell.com/security/cve/CVE-2011-1089.html
http://support.novell.com/security/cve/CVE-2012-0864.html
http://support.novell.com/security/cve/CVE-2012-3480.html
http://support.novell.com/security/cve/CVE-2013-1914.html
https://bugzilla.novell.com/661460
https://bugzilla.novell.com/676178
https://bugzilla.novell.com/691365
https://bugzilla.novell.com/732110
https://bugzilla.novell.com/735850
https://bugzilla.novell.com/743689
https://bugzilla.novell.com/747768
https://bugzilla.novell.com/753756
https://bugzilla.novell.com/760216
https://bugzilla.novell.com/770891
https://bugzilla.novell.com/774467
https://bugzilla.novell.com/775690
https://bugzilla.novell.com/783196
https://bugzilla.novell.com/796982
https://bugzilla.novell.com/805899
https://bugzilla.novell.com/813121
https://bugzilla.novell.com/818630
https://bugzilla.novell.com/828637
http://www.nessus.org/u?16a241e5

Solution :

Update the affected glibc packages

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:ND/RC:UR)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 83597 ()

Bugtraq ID: 46740
50898
52201
54982
58839

CVE ID: CVE-2009-5029
CVE-2010-4756
CVE-2011-1089
CVE-2012-0864
CVE-2012-3480
CVE-2013-1914

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now