Download
| Alert*
|
oval:org.secpod.oval:def:601720
eglibc-source is installed oval:org.secpod.oval:def:602373 Several vulnerabilities have been fixed in the GNU C Library, eglibc. The CVE-2015-7547 vulnerability listed below is considered to have critical impact. CVE-2014-8121 Robin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lo ... oval:org.secpod.oval:def:601761 Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian"s version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbi ... oval:org.secpod.oval:def:601717 Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings. oval:org.secpod.oval:def:1900223 Use-after-free vulnerability in the clntudp_call function insunrpc/clnt_udp.c in the GNU C Library before 2.26allows remote attackers to have unspecified impact via vectors related to error path. oval:org.secpod.oval:def:601934 Several vulnerabilities have been fixed in eglibc, Debian"s version of the GNU C library: CVE-2015-0235 Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute ... oval:org.secpod.oval:def:1900219 The DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. |
