Package glibc updated to version 2.17-alt5.M70C.8 for branch c7 in task 161571.

Published: 2014-08-29

BDU:2015-04284

Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04285

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04286

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04287

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04288

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04289

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04290

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04291

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04292

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04293

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04294

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 1970-01-01

BDU:2015-04295

Severity: HIGH (7.5)

References:

CVE-2014-5119

Published: 2014-07-29

BDU:2015-05856

Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05857

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05858

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05859

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05860

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05861

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05862

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05863

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05864

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05865

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05866

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05867

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05868

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05869

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05870

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05871

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05872

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05873

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05874

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05875

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05876

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05877

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05878

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05879

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05880

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05881

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05882

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05883

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05884

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05885

Severity: HIGH (7.5)

References:

Published: 1970-01-01

BDU:2015-05886

Severity: HIGH (7.5)

References:

Published: 2015-01-07

BDU:2015-06193

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06194

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06195

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06196

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06197

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06198

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06199

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-06200

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07218

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07220

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07222

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07224

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07226

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07228

Severity: CRITICAL (10.0)

References:

Published: 2014-09-02

BDU:2015-07231

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09219

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09220

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09221

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09222

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09223

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09224

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09225

Severity: CRITICAL (10.0)

References:

Published: 2015-01-07

BDU:2015-09226

Severity: CRITICAL (10.0)

References:

Published: 2013-10-10

BDU:2016-01583

Уязвимость библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)

References:

Published: 2013-10-04

BDU:2016-02233

Уязвимость библиотек, обеспечивающих системные вызовы и основные функции glibc и eglibc, позволяющая нарушителю контролировать исполнение потока

Severity: MEDIUM (5.1)

References:

Published: 2013-10-10
Modified: 2024-11-21

CVE-2012-4412

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

Severity: HIGH (7.5)

References:

Published: 2013-10-10
Modified: 2024-11-21

CVE-2013-4237

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

Severity: MEDIUM (6.8)

References:

Published: 2013-10-04
Modified: 2024-11-21

CVE-2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

Severity: MEDIUM (5.1)

References:

Published: 2015-02-24
Modified: 2024-11-21

CVE-2013-7423

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

Severity: MEDIUM (5.0)

References:

Published: 2014-07-29
Modified: 2024-11-21

CVE-2014-0475

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

Severity: MEDIUM (6.8)

References:

Published: 2014-10-07
Modified: 2024-11-21

CVE-2014-4043

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

Severity: HIGH (7.5)

References:

Published: 2014-08-29
Modified: 2024-11-21

CVE-2014-5119

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

Severity: HIGH (7.5)

References:

Published: 2014-12-05
Modified: 2024-11-21

CVE-2014-6040

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

Severity: MEDIUM (5.0)

References:

Published: 2015-03-27
Modified: 2024-11-21

CVE-2014-8121

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

Severity: MEDIUM (5.0)

References:

Published: 2015-04-08
Modified: 2024-11-21

CVE-2015-1472

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.

Severity: HIGH (7.5)

References:

Published: 2015-04-08
Modified: 2024-11-21

CVE-2015-1473

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.

Severity: MEDIUM (6.4)

References:

Published: 2015-09-28
Modified: 2024-11-21

CVE-2015-1781

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

Severity: MEDIUM (6.8)

References:

Version: 2.1.0

ALT-PU-2016-1274-1

Closed vulnerabilities