SUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This collective update for the GNU C library (glibc) provides the
following fixes and enhancements :

Security issues fixed :

- Fix stack overflow in getaddrinfo with many results.
(bnc#813121, CVE-2013-1914)

- Fixed another stack overflow in getaddrinfo with many
results (bnc#828637)

- Fix buffer overflow in glob. (bnc#691365)

- Fix array overflow in floating point parser [bnc#775690]

- Fix strtod integer/buffer overflows [bnc#775690]
(CVE-2012-3480) Make addmntent return errors also for
cached streams. [bnc #676178, CVE-2011-1089]

- Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406]

- Add vfprintf-nargs.diff for possible format string
overflow. [bnc #747768, CVE-2012-0864]

- Check values from file header in __tzfile_read. [bnc
#735850, CVE-2009-5029]

Also several bugs were fixed :

- Fix locking in _IO_cleanup. (bnc#796982)

- Fix memory leak in execve. (bnc#805899) Fix nscd
timestamps in logging (bnc#783196)

- Fix perl script error message (bnc#774467)

- Fall back to localhost if no nameserver defined

- Fix incomplete results from nscd. [bnc #753756]

- Fix a deadlock in dlsym in case the symbol isn't found,
for multithreaded programs. [bnc #760216]

- Fix problem with TLS and dlopen. [#732110]

- Backported regex fix for skipping of valid EUC-JP
matches [bnc#743689]

- Fixed false regex match on incomplete chars in EUC-JP

- Add glibc-pmap-timeout.diff in order to fix useless
connection attempts to NFS servers. [bnc #661460]

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

Solution :

Update the affected glibc packages

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 6.5
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 83597 ()

Bugtraq ID: 46740

CVE ID: CVE-2009-5029

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now