Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2014-1391)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123285

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2014-1391)

Zusammenfassung: The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory.

Vulnerability Insight:
[2.12-1.149]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,

[2.12-1.148]
- Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025).

[2.12-1.147]
- Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460).
- Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460).

[2.12-1.146]
- Fix memory order when reading libgcc handle (#905941).
- Fix format specifier in malloc_info output (#1027261).
- Fix nscd lookup for innetgr when netgroup has wildcards (#1054846).

[2.12-1.145]
- Add mmap usage to malloc_info output (#1027261).

[2.12-1.144]
- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833).

[2.12-1.143]
- [ppc] Add VDSO IFUNC for gettimeofday (#1028285).
- [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025).

[2.12-1.142]
- Also relocate in dependency order when doing symbol dependency testing
(#1019916).

[2.12-1.141]
- Fix infinite loop in nscd when netgroup is empty (#1085273).
- Provide correct buffer length to netgroup queries in nscd (#1074342).
- Return NULL for wildcard values in getnetgrent from nscd (#1085289).
- Avoid overlapping addresses to stpcpy calls in nscd (#1082379).
- Initialize all of datahead structure in nscd (#1074353).

[2.12-1.140]
- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628).

[2.12-1.139]
- Do not fail if one of the two responses to AF_UNSPEC fails (#845218).

[2.12-1.138]
- nscd: Make SELinux checks dynamic (#1025933).

[2.12-1.137]
- Fix race in free() of fastbin chunk (#1027101).

[2.12-1.136]
- Fix copy relocations handling of unique objects (#1032628).

[2.12-1.135]
- Fix encoding name for IDN in getaddrinfo (#981942).

[2.12-1.134]
- Fix return code from getent netgroup when the netgroup is not found (#1039988).
- Fix handling of static TLS in dlopen'ed objects (#995972).

[2.12-1.133]
- Don't use alloca in addgetnetgrentX (#1043557).
- Adjust pointers to triplets in netgroup query data (#1043557).

Affected Software/OS:
'glibc' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-4237
55113
http://secunia.com/advisories/55113
61729
http://www.securityfocus.com/bid/61729
GLSA-201503-04
https://security.gentoo.org/glsa/201503-04
MDVSA-2013:283
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
USN-1991-1
http://www.ubuntu.com/usn/USN-1991-1
[oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
http://www.openwall.com/lists/oss-security/2013/08/12/8
https://bugzilla.redhat.com/show_bug.cgi?id=995839
https://sourceware.org/bugzilla/show_bug.cgi?id=14699
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3
Common Vulnerability Exposure (CVE) ID: CVE-2013-4458
MDVSA-2013:284
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
SUSE-SU-2016:0470
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
[libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests
https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
https://sourceware.org/bugzilla/show_bug.cgi?id=16072

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123285
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2014-1391)
Zusammenfassung:	The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory. Vulnerability Insight: [2.12-1.149] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, [2.12-1.148] - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). [2.12-1.147] - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). [2.12-1.146] - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). [2.12-1.145] - Add mmap usage to malloc_info output (#1027261). [2.12-1.144] - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). [2.12-1.143] - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). [2.12-1.142] - Also relocate in dependency order when doing symbol dependency testing (#1019916). [2.12-1.141] - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). [2.12-1.140] - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). [2.12-1.139] - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). [2.12-1.138] - nscd: Make SELinux checks dynamic (#1025933). [2.12-1.137] - Fix race in free() of fastbin chunk (#1027101). [2.12-1.136] - Fix copy relocations handling of unique objects (#1032628). [2.12-1.135] - Fix encoding name for IDN in getaddrinfo (#981942). [2.12-1.134] - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen'ed objects (#995972). [2.12-1.133] - Don't use alloca in addgetnetgrentX (#1043557). - Adjust pointers to triplets in netgroup query data (#1043557). Affected Software/OS: 'glibc' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4237 55113 http://secunia.com/advisories/55113 61729 http://www.securityfocus.com/bid/61729 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 USN-1991-1 http://www.ubuntu.com/usn/USN-1991-1 [oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters http://www.openwall.com/lists/oss-security/2013/08/12/8 https://bugzilla.redhat.com/show_bug.cgi?id=995839 https://sourceware.org/bugzilla/show_bug.cgi?id=14699 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3 Common Vulnerability Exposure (CVE) ID: CVE-2013-4458 MDVSA-2013:284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 SUSE-SU-2016:0470 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html [libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html https://sourceware.org/bugzilla/show_bug.cgi?id=16072
Copyright	Copyright (C) 2015 Greenbone AG