2017-04-06
ALT-BU-2017-3041-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2017-06-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-5180
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- 99324
- 99324
- USN-3239-1
- USN-3239-1
- USN-3239-2
- USN-3239-2
- RHSA-2018:0805
- RHSA-2018:0805
- https://bugzilla.redhat.com/show_bug.cgi?id=1249603
- https://bugzilla.redhat.com/show_bug.cgi?id=1249603
- GLSA-201706-19
- GLSA-201706-19
- https://sourceware.org/bugzilla/attachment.cgi?id=8492
- https://sourceware.org/bugzilla/attachment.cgi?id=8492
- https://sourceware.org/bugzilla/show_bug.cgi?id=18784
- https://sourceware.org/bugzilla/show_bug.cgi?id=18784
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=fc82b0a2dfe7dbd35671c10510a8da1043d746a5
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=fc82b0a2dfe7dbd35671c10510a8da1043d746a5
- [libc-alpha@sourceware.org] 20170205 The GNU C Library version 2.25 is now available
- [libc-alpha@sourceware.org] 20170205 The GNU C Library version 2.25 is now available
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Published: 2016-10-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-6323
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2016:2443
- openSUSE-SU-2016:2443
- [oss-security] 20160818 CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang
- [oss-security] 20160818 CVE-2016-6323: Missing unwind information on ARM EABI (32-bit) causes backtrace generation to hang
- 92532
- 92532
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- FEDORA-2016-5f050a0a6d
- FEDORA-2016-5f050a0a6d
- FEDORA-2016-57cba655d5
- FEDORA-2016-57cba655d5
- FEDORA-2016-87dde780b8
- FEDORA-2016-87dde780b8
- GLSA-201706-19
- GLSA-201706-19
- https://sourceware.org/bugzilla/show_bug.cgi?id=20435
- https://sourceware.org/bugzilla/show_bug.cgi?id=20435
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617