openSUSE Security Update : glibc (openSUSE-2016-1149)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for glibc fixes the following issues :

Security issues fixed :

- arm: mark __startcontext as .cantunwind (CVE-2016-6323,
boo#994359, BZ #20435)

Bugs fixed :

- aarch64: Merge __local_multiple_threads offset with
memory reference

- Fix memory leak in regexp compiler (BZ #17069)

- Provide correct buffer length to netgroup queries in
nscd (BZ #16695)

- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer
(BZ #16878)

- aarch64: End frame record chain correctly (BZ #17555)

- _IO_wstr_overflow integer overflow (BZ #17269)

- Fix nscd lookup when netgroup has wildcards (BZ #16758,
BZ #16759)

- Avoid overlapping addresses to stpcpy calls in nscd (BZ
#16760)

- resolv: Always set *resplen2 out parameter in send_dg
(boo#994576, BZ #19791)

- Fix memory handling in strxfrm_l (BZ #16009)

- Harden tls_dtor_list with pointer mangling (BZ #19018)

- open and openat ignore 'mode' with O_TMPFILE in flags
(BZ #17523)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=994359
https://bugzilla.opensuse.org/show_bug.cgi?id=994576

Solution :

Update the affected glibc packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 93852 ()

Bugtraq ID:

CVE ID: CVE-2016-6323

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now