Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.882391
Category:CentOS Local Security Checks
Title:CentOS Update for glibc CESA-2016:0175 centos6
Summary:Check the version of glibc
Description:Summary:
Check the version of glibc

Vulnerability Insight:
The glibc packages provide the standard C
libraries (libc), POSIX thread libraries (libpthread), standard math libraries
(libm), and the Name Server Caching Daemon (nscd) used by multiple programs on
the system. Without these libraries, the Linux system cannot function correctly.

A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from the
nss_dns NSS service module. (CVE-2015-7547)

This issue was discovered by the Google Security Team and Red Hat.

This update also fixes the following bugs:

* The dynamic loader has been enhanced to allow the loading of more shared
libraries that make use of static thread local storage. While static thread
local storage is the fastest access mechanism it may also prevent the
shared library from being loaded at all since the static storage space is a
limited and shared process-global resource. Applications which would
previously fail with 'dlopen: cannot load any more object with static TLS'
should now start up correctly. (BZ#1291270)

* A bug in the POSIX realtime support would cause asynchronous I/O or
certain timer API calls to fail and return errors in the presence of large
thread-local storage data that exceeded PTHREAD_STACK_MIN in size
(generally 16 KiB). The bug in librt has been corrected and the impacted
APIs no longer return errors when large thread-local storage data is
present in the application. (BZ#1301625)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Affected Software/OS:
glibc on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-7547
BugTraq ID: 83265
http://www.securityfocus.com/bid/83265
Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search)
https://seclists.org/bugtraq/2019/Sep/7
CERT/CC vulnerability note: VU#457759
https://www.kb.cert.org/vuls/id/457759
Debian Security Information: DSA-3480 (Google Search)
http://www.debian.org/security/2016/dsa-3480
Debian Security Information: DSA-3481 (Google Search)
http://www.debian.org/security/2016/dsa-3481
https://www.exploit-db.com/exploits/39454/
https://www.exploit-db.com/exploits/40339/
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://seclists.org/fulldisclosure/2021/Sep/0
https://security.gentoo.org/glsa/201602-02
HPdes Security Advisory: HPSBGN03442
http://marc.info/?l=bugtraq&m=145690841819314&w=2
HPdes Security Advisory: HPSBGN03547
http://marc.info/?l=bugtraq&m=145596041017029&w=2
HPdes Security Advisory: HPSBGN03549
http://marc.info/?l=bugtraq&m=145672440608228&w=2
HPdes Security Advisory: HPSBGN03551
http://marc.info/?l=bugtraq&m=145857691004892&w=2
HPdes Security Advisory: HPSBGN03582
http://marc.info/?l=bugtraq&m=146161017210491&w=2
http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01
https://www.tenable.com/security/research/tra-2017-08
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
RedHat Security Advisories: RHSA-2016:0175
http://rhn.redhat.com/errata/RHSA-2016-0175.html
RedHat Security Advisories: RHSA-2016:0176
http://rhn.redhat.com/errata/RHSA-2016-0176.html
RedHat Security Advisories: RHSA-2016:0225
http://rhn.redhat.com/errata/RHSA-2016-0225.html
RedHat Security Advisories: RHSA-2016:0277
http://rhn.redhat.com/errata/RHSA-2016-0277.html
http://www.securitytracker.com/id/1035020
SuSE Security Announcement: SUSE-SU-2016:0470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
SuSE Security Announcement: SUSE-SU-2016:0471 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
SuSE Security Announcement: SUSE-SU-2016:0472 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
SuSE Security Announcement: SUSE-SU-2016:0473 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
SuSE Security Announcement: openSUSE-SU-2016:0510 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
SuSE Security Announcement: openSUSE-SU-2016:0511 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
SuSE Security Announcement: openSUSE-SU-2016:0512 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
http://ubuntu.com/usn/usn-2900-1
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.