openSUSE Security Update : glibc (openSUSE-2016-224)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for glibc fixes the following security issues :

- CVE-2015-7547: A stack-based buffer overflow in
getaddrinfo allowed remote attackers to cause a crash or
execute arbitrary code via crafted and timed DNS
responses (bsc#961721)

- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD
environment variable allowed local attackers to bypass
the pointer guarding protection of the dynamic loader on
set-user-ID and set-group-ID programs (bsc#950944)

- CVE-2015-8776: Out-of-range time values passed to the
strftime function may cause it to crash, leading to a
denial of service, or potentially disclose information

- CVE-2015-8778: Integer overflow in hcreate and hcreate_r
could have caused an out-of-bound memory access, leading
to application crashes or, potentially, arbitrary code
execution (bsc#962737)

- CVE-2014-9761: A stack overflow (unbounded alloca) could
have caused applications which process long strings with
the nan function to crash or, potentially, execute
arbitrary code. (bsc#962738)

- CVE-2015-8779: A stack overflow (unbounded alloca) in
the catopen function could have caused applications
which pass long strings to the catopen function to crash
or, potentially, execute arbitrary code. (bsc#962739)

The following non-security bugs were fixed :

- bsc#955647: Resource leak in resolver

- bsc#956716: Don't do lock elision on an error checking

- bsc#958315: Reinitialize dl_load_write_lock on fork

This update was imported from the SUSE:SLE-12-SP1:Update update

See also :

Solution :

Update the affected glibc packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 88829

Bugtraq ID:

CVE ID: CVE-2014-9761
