ALT-PU-2017-2198-1
Closed vulnerabilities
BDU:2017-00766
Уязвимость библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2017-01438
Уязвимость службы nscd библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании или внедрение кода
BDU:2020-04683
Уязвимость утилиты iconv системной библиотеки GNU C Library (glibc), связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2014-9984
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 99071
- 99071
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
- https://sourceware.org/bugzilla/show_bug.cgi?id=16695
- https://sourceware.org/bugzilla/show_bug.cgi?id=16695
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=c44496df2f090a56d3bf75df930592dac6bba46f
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=c44496df2f090a56d3bf75df930592dac6bba46f
Modified: 2024-11-21
CVE-2015-5180
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
- 99324
- 99324
- USN-3239-1
- USN-3239-1
- USN-3239-2
- USN-3239-2
- RHSA-2018:0805
- RHSA-2018:0805
- https://bugzilla.redhat.com/show_bug.cgi?id=1249603
- https://bugzilla.redhat.com/show_bug.cgi?id=1249603
- GLSA-201706-19
- GLSA-201706-19
- https://sourceware.org/bugzilla/attachment.cgi?id=8492
- https://sourceware.org/bugzilla/attachment.cgi?id=8492
- https://sourceware.org/bugzilla/show_bug.cgi?id=18784
- https://sourceware.org/bugzilla/show_bug.cgi?id=18784
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=fc82b0a2dfe7dbd35671c10510a8da1043d746a5
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=fc82b0a2dfe7dbd35671c10510a8da1043d746a5
- [libc-alpha@sourceware.org] 20170205 The GNU C Library version 2.25 is now available
- [libc-alpha@sourceware.org] 20170205 The GNU C Library version 2.25 is now available
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Modified: 2024-11-21
CVE-2015-8982
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
- [oss-security] 20150213 CVE Requests - glibc overflows (strxfrm)
- [oss-security] 20150213 CVE Requests - glibc overflows (strxfrm)
- [oss-security] 20170214 Re: Pending CVE requests for glibc
- [oss-security] 20170214 Re: Pending CVE requests for glibc
- 72602
- 72602
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- https://sourceware.org/bugzilla/show_bug.cgi?id=16009
- https://sourceware.org/bugzilla/show_bug.cgi?id=16009
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=0f9e585480ed
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=0f9e585480ed
Modified: 2024-11-21
CVE-2015-8983
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
- [oss-security] 20170214 Re: Pending CVE requests for glibc
- [oss-security] 20170214 Re: Pending CVE requests for glibc
- 72740
- 72740
- https://sourceware.org/bugzilla/show_bug.cgi?id=17269
- https://sourceware.org/bugzilla/show_bug.cgi?id=17269
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
- [libc-alpha] 20150814 The GNU C Library version 2.22 is now available
- [libc-alpha] 20150814 The GNU C Library version 2.22 is now available
Modified: 2024-11-21
CVE-2015-8984
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
- [oss-security] 20150226 CVE request: glibc: potential application crash due to overread in fnmatch
- [oss-security] 20150226 CVE request: glibc: potential application crash due to overread in fnmatch
- [oss-security] 20170214 Re: Pending CVE requests for glibc
- [oss-security] 20170214 Re: Pending CVE requests for glibc
- 72789
- 72789
- https://sourceware.org/bugzilla/show_bug.cgi?id=18032
- https://sourceware.org/bugzilla/show_bug.cgi?id=18032
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185
- [libc-alpha] 20150814 The GNU C Library version 2.22 is now available
- [libc-alpha] 20150814 The GNU C Library version 2.22 is now available
Modified: 2024-11-21
CVE-2016-10228
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
- http://openwall.com/lists/oss-security/2017/03/01/10
- http://openwall.com/lists/oss-security/2017/03/01/10
- 96525
- 96525
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- [debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update
- [debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update
- GLSA-202101-20
- GLSA-202101-20
- https://sourceware.org/bugzilla/show_bug.cgi?id=19519
- https://sourceware.org/bugzilla/show_bug.cgi?id=19519
- https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
- https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
- https://sourceware.org/bugzilla/show_bug.cgi?id=26224
- https://sourceware.org/bugzilla/show_bug.cgi?id=26224
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Modified: 2024-11-21
CVE-2016-5417
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures.
- [oss-security] 20160802 glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417)
- [oss-security] 20160802 glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417)
- 92257
- 92257
- https://sourceware.org/bugzilla/show_bug.cgi?id=19257
- https://sourceware.org/bugzilla/show_bug.cgi?id=19257
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2212c1420c92a33b0e0bd9a34938c9814a56c0f7
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2212c1420c92a33b0e0bd9a34938c9814a56c0f7
- [libc-alpha] 20160804 The GNU C Library version 2.24 is now available
- [libc-alpha] 20160804 The GNU C Library version 2.24 is now available