Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2014-1391)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123285

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2014-1391)

Resumen: The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory.

Descripción: Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory.

Vulnerability Insight:
[2.12-1.149]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,

[2.12-1.148]
- Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025).

[2.12-1.147]
- Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460).
- Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460).

[2.12-1.146]
- Fix memory order when reading libgcc handle (#905941).
- Fix format specifier in malloc_info output (#1027261).
- Fix nscd lookup for innetgr when netgroup has wildcards (#1054846).

[2.12-1.145]
- Add mmap usage to malloc_info output (#1027261).

[2.12-1.144]
- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833).

[2.12-1.143]
- [ppc] Add VDSO IFUNC for gettimeofday (#1028285).
- [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025).

[2.12-1.142]
- Also relocate in dependency order when doing symbol dependency testing
(#1019916).

[2.12-1.141]
- Fix infinite loop in nscd when netgroup is empty (#1085273).
- Provide correct buffer length to netgroup queries in nscd (#1074342).
- Return NULL for wildcard values in getnetgrent from nscd (#1085289).
- Avoid overlapping addresses to stpcpy calls in nscd (#1082379).
- Initialize all of datahead structure in nscd (#1074353).

[2.12-1.140]
- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628).

[2.12-1.139]
- Do not fail if one of the two responses to AF_UNSPEC fails (#845218).

[2.12-1.138]
- nscd: Make SELinux checks dynamic (#1025933).

[2.12-1.137]
- Fix race in free() of fastbin chunk (#1027101).

[2.12-1.136]
- Fix copy relocations handling of unique objects (#1032628).

[2.12-1.135]
- Fix encoding name for IDN in getaddrinfo (#981942).

[2.12-1.134]
- Fix return code from getent netgroup when the netgroup is not found (#1039988).
- Fix handling of static TLS in dlopen'ed objects (#995972).

[2.12-1.133]
- Don't use alloca in addgetnetgrentX (#1043557).
- Adjust pointers to triplets in netgroup query data (#1043557).

Affected Software/OS:
'glibc' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-4237
55113
http://secunia.com/advisories/55113
61729
http://www.securityfocus.com/bid/61729
GLSA-201503-04
https://security.gentoo.org/glsa/201503-04
MDVSA-2013:283
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
USN-1991-1
http://www.ubuntu.com/usn/USN-1991-1
[oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
http://www.openwall.com/lists/oss-security/2013/08/12/8
https://bugzilla.redhat.com/show_bug.cgi?id=995839
https://sourceware.org/bugzilla/show_bug.cgi?id=14699
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3
Common Vulnerability Exposure (CVE) ID: CVE-2013-4458
MDVSA-2013:284
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
SUSE-SU-2016:0470
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
[libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests
https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
https://sourceware.org/bugzilla/show_bug.cgi?id=16072

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123285
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2014-1391)
Resumen:	The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory.
Descripción:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory. Vulnerability Insight: [2.12-1.149] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, [2.12-1.148] - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). [2.12-1.147] - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). [2.12-1.146] - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). [2.12-1.145] - Add mmap usage to malloc_info output (#1027261). [2.12-1.144] - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). [2.12-1.143] - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). [2.12-1.142] - Also relocate in dependency order when doing symbol dependency testing (#1019916). [2.12-1.141] - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). [2.12-1.140] - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). [2.12-1.139] - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). [2.12-1.138] - nscd: Make SELinux checks dynamic (#1025933). [2.12-1.137] - Fix race in free() of fastbin chunk (#1027101). [2.12-1.136] - Fix copy relocations handling of unique objects (#1032628). [2.12-1.135] - Fix encoding name for IDN in getaddrinfo (#981942). [2.12-1.134] - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen'ed objects (#995972). [2.12-1.133] - Don't use alloca in addgetnetgrentX (#1043557). - Adjust pointers to triplets in netgroup query data (#1043557). Affected Software/OS: 'glibc' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4237 55113 http://secunia.com/advisories/55113 61729 http://www.securityfocus.com/bid/61729 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 USN-1991-1 http://www.ubuntu.com/usn/USN-1991-1 [oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters http://www.openwall.com/lists/oss-security/2013/08/12/8 https://bugzilla.redhat.com/show_bug.cgi?id=995839 https://sourceware.org/bugzilla/show_bug.cgi?id=14699 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3 Common Vulnerability Exposure (CVE) ID: CVE-2013-4458 MDVSA-2013:284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 SUSE-SU-2016:0470 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html [libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html https://sourceware.org/bugzilla/show_bug.cgi?id=16072
Copyright	Copyright (C) 2015 Greenbone AG