Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2016:12406

Overview

Id SUSE-2016:12406
Name Novell SUSE 2016:12406 glibc security update for SLE 11 i586
Vendor Name novell
Product None
Content Type Critical - 01 Critical - 01
Language(s)
Operating System(s) Linux 
Released On 16 Feb 2016 12:00:00

SUSE-2016:12406

Novell SUSE 2016:12406 glibc security update for SLE 11 i586

Vendor Name

novell

Product

None

Released On

16 Feb 2016 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches


Last Updated: 27 May 2016 11:23:16