openSUSE Security Update : glibc (openSUSE-2016-224)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for glibc fixes the following security issues :

- CVE-2015-7547: A stack-based buffer overflow in
getaddrinfo allowed remote attackers to cause a crash or
execute arbitrary code via crafted and timed DNS
responses (bsc#961721)

- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD
environment variable allowed local attackers to bypass
the pointer guarding protection of the dynamic loader on
set-user-ID and set-group-ID programs (bsc#950944)

- CVE-2015-8776: Out-of-range time values passed to the
strftime function may cause it to crash, leading to a
denial of service, or potentially disclosure information
(bsc#962736)

- CVE-2015-8778: Integer overflow in hcreate and hcreate_r
could have caused an out-of-bound memory access. leading
to application crashes or, potentially, arbitrary code
execution (bsc#962737)

- CVE-2014-9761: A stack overflow (unbounded alloca) could
have caused applications which process long strings with
the nan function to crash or, potentially, execute
arbitrary code. (bsc#962738)

- CVE-2015-8779: A stack overflow (unbounded alloca) in
the catopen function could have caused applications
which pass long strings to the catopen function to crash
or, potentially execute arbitrary code. (bsc#962739)

The following non-security bugs were fixed :

- bsc#955647: Resource leak in resolver

- bsc#956716: Don't do lock elision on an error checking
mutex

- bsc#958315: Reinitialize dl_load_write_lock on fork

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=950944
https://bugzilla.opensuse.org/show_bug.cgi?id=955647
https://bugzilla.opensuse.org/show_bug.cgi?id=956716
https://bugzilla.opensuse.org/show_bug.cgi?id=958315
https://bugzilla.opensuse.org/show_bug.cgi?id=961721
https://bugzilla.opensuse.org/show_bug.cgi?id=962736
https://bugzilla.opensuse.org/show_bug.cgi?id=962737
https://bugzilla.opensuse.org/show_bug.cgi?id=962738
https://bugzilla.opensuse.org/show_bug.cgi?id=962739
https://www.tenable.com/security/research/tra-2017-08

Solution :

Update the affected glibc packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 88829 ()

Bugtraq ID:

CVE ID: CVE-2014-9761
CVE-2015-7547
CVE-2015-8776
CVE-2015-8777
CVE-2015-8778
CVE-2015-8779

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now