SUSE-SU-2016:0472-1 -- SLES glibc, nscdID: oval:org.secpod.oval:def:89045309 | Date: (C)2021-08-03 (M)2023-02-20 |
Class: PATCH | Family: unix |
This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution - CVE-2014-9761: A stack overflow could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. - CVE-2015-8779: A stack overflow in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr
Platform: |
SUSE Linux Enterprise Server 11 SP4 |