Package glibc updated to version 2.22-alt1 for branch sisyphus in task 153835.

Published: 2014-08-29

BDU:2015-04284

Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04285

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04286

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04287

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04288

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04289

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04290

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04291

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04292

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04293

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04294

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04295

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 2014-07-29

BDU:2015-05856

Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05857

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05858

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05859

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05860

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05861

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05862

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05863

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05864

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05865

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05866

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05867

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05868

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05869

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05870

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05871

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05872

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05873

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05874

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05875

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05876

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05877

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05878

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05879

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05880

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05881

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05882

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05883

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05884

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05885

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05886

Severity: HIGH (7.5)

References:

Published: 2015-01-07

BDU:2015-06193

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06194

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06195

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06196

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06197

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06198

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06199

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06200

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-07217

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07218

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-07219

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07220

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-07221

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07222

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-07223

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07224

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-07225

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07226

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-07227

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07228

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-07229

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-07230

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07231

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09219

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09220

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09221

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09222

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09223

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09224

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09225

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09226

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09331

Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09332

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09333

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09334

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09335

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09336

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09337

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09338

Severity: CRITICAL (10.0)

References:

Published: 2015-02-04

BDU:2015-09813

Уязвимость операционной системы Red Hat Enterprise Virtualization, позволяющая удаленному нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)

References:

Published: 2015-01-27

BDU:2015-09814

Уязвимость операционной системы Debian GNU/Linux, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09865

Уязвимость микропрограммного обеспечения сервера контроля безопасного доступа Cisco ACS, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09866

Уязвимость микропрограммного обеспечения маршрутизатора Cisco ASR, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09867

Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 5000, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2015-01-28

BDU:2015-09868

Уязвимость микропрограммного обеспечения коммутатора Cisco Nexus 7000, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-09869

Уязвимость микропрограммного обеспечения системы коммуникаций Cisco Unified Communications Manager, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-10227

Уязвимость микропрограммного обеспечения виртуального коммутатора Cisco Nexus 1000V, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-10228

Уязвимость микропрограммного обеспечения контроллера беспроводных Cisco Wireless LAN Controller 2000, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-10229

Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2100, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-10230

Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 2500, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-10231

Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4100, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-10232

Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 4400, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2015-01-28

BDU:2015-10233

Уязвимость микропрограммного обеспечения контроллера беспроводных сетей Cisco Wireless LAN Controller 5500, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2013-10-10

BDU:2016-01583

Уязвимость библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)

References:

Published: 2013-10-04

BDU:2016-02233

Уязвимость библиотек, обеспечивающих системные вызовы и основные функции glibc и eglibc, позволяющая нарушителю контролировать исполнение потока

Severity: MEDIUM (5.1)

References:

Published: 2013-12-12

BDU:2016-02234

Уязвимость библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)

References:

Published: 2013-10-10

BDU:2016-02235

Уязвимости библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющие нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.3)

References:

Published: 2013-10-10

BDU:2016-02236

Severity: MEDIUM (4.3)

References:

Published: 2017-03-15

BDU:2017-00766

Severity: MEDIUM (6.8)

References:

Published: 2017-06-12

BDU:2017-01438

Уязвимость службы nscd библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании или внедрение кода

Severity: HIGH (7.5)

References:

Published: 2013-10-10
Modified: 2024-11-21

CVE-2012-4412

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

Severity: HIGH (7.5)

References:

Published: 2013-10-10
Modified: 2024-11-21

CVE-2012-4424

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

Severity: MEDIUM (5.1)

References:

Published: 2013-02-09
Modified: 2024-11-21

CVE-2013-0242

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

Severity: MEDIUM (5.0)

References:

Published: 2013-04-30
Modified: 2024-11-21

CVE-2013-1914

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

Severity: MEDIUM (5.0)

References:

Published: 2013-10-10
Modified: 2024-11-21

CVE-2013-2207

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

Severity: LOW (2.6)

References:

Published: 2013-10-10
Modified: 2024-11-21

CVE-2013-4237

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

Severity: MEDIUM (6.8)

References:

Published: 2013-10-10
Modified: 2024-11-21

CVE-2013-4332

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

Severity: MEDIUM (4.3)

References:

Published: 2013-12-12
Modified: 2024-11-21

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.

Severity: MEDIUM (5.0)

References:

Published: 2013-10-04
Modified: 2024-11-21

CVE-2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

Severity: MEDIUM (5.1)

References:

Published: 2015-02-24
Modified: 2024-11-21

CVE-2013-7423

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

Severity: MEDIUM (5.0)

References:

Published: 2014-07-29
Modified: 2024-11-21

CVE-2014-0475

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

Severity: MEDIUM (6.8)

References:

Published: 2014-10-07
Modified: 2024-11-21

CVE-2014-4043

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

Severity: HIGH (7.5)

References:

Published: 2014-08-29
Modified: 2024-11-21

CVE-2014-5119

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

Severity: HIGH (7.5)

References:

Published: 2014-12-05
Modified: 2024-11-21

CVE-2014-6040

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

Severity: MEDIUM (5.0)

References:

Published: 2015-03-27
Modified: 2024-11-21

CVE-2014-8121

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

Severity: MEDIUM (5.0)

References:

Published: 2015-02-24
Modified: 2024-11-21

CVE-2014-9402

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

Severity: HIGH (7.8)

References:

Published: 2017-06-12
Modified: 2024-11-21

CVE-2014-9984

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2015-01-28
Modified: 2024-11-21

CVE-2015-0235

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Severity: CRITICAL (10.0)

References:

Published: 2015-04-08
Modified: 2024-11-21

CVE-2015-1472

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.

Severity: HIGH (7.5)

References:

Published: 2015-04-08
Modified: 2024-11-21

CVE-2015-1473

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.

Severity: MEDIUM (6.4)

References:

Published: 2015-09-28
Modified: 2024-11-21

CVE-2015-1781

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

Severity: MEDIUM (6.8)

References:

Published: 2015-12-17
Modified: 2024-11-21

CVE-2015-5277

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.

Severity: HIGH (7.2)

References:

Published: 2017-03-15
Modified: 2024-11-21

CVE-2015-8982

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-20
Modified: 2024-11-21

CVE-2015-8983

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2017-03-20
Modified: 2024-11-21

CVE-2015-8984

The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

ALT-PU-2015-2084-1

Closed vulnerabilities