ALT Linux Team

Package glibc update in t7 on 2015-01-22

ALT-PU-2015-1071-1

Package glibc updated to version 2.17-alt8 for branch t7 in task 139050.

Closed vulnerabilities

Published: 2013-10-10

BDU:2016-01583

Уязвимость библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)
References:
Published: 2013-10-04

BDU:2016-02233

Уязвимость библиотек, обеспечивающих системные вызовы и основные функции glibc и eglibc, позволяющая нарушителю контролировать исполнение потока

Severity: MEDIUM (5.1)
References:
Published: 2013-12-12

BDU:2016-02234

Уязвимость библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2013-10-10

BDU:2016-02235

Уязвимости библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющие нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)
References:
Published: 2013-10-10

BDU:2016-02236

Уязвимости библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющие нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)
References:
Published: 2013-10-10
Modified: 2019-06-14

CVE-2012-4412

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

Severity: HIGH (7.5)
References:
Published: 2013-10-10
Modified: 2017-07-01

CVE-2012-4424

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

Severity: MEDIUM (5.1)
References:
Published: 2013-10-10
Modified: 2024-11-21

CVE-2013-4237

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

Severity: MEDIUM (6.8)
References:
Published: 2013-10-10
Modified: 2024-11-21

CVE-2013-4332

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

Severity: MEDIUM (4.3)
References:
Published: 2013-12-12
Modified: 2024-11-21

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Severity: MEDIUM (5.0)
References:
Published: 2013-10-04
Modified: 2024-11-21

CVE-2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

Severity: MEDIUM (5.1)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top