Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2013.1287.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2013:1287-1)
Summary:The remote host is missing an update for the 'glibc' package(s) announced via the SUSE-SU-2013:1287-1 advisory.
Description:Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the SUSE-SU-2013:1287-1 advisory.

Vulnerability Insight:
This collective update for the GNU C library (glibc)
provides the following fixes and enhancements:

Security issues fixed: - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fixed another stack overflow in getaddrinfo with many results
(bnc#828637) - Fix buffer overflow in glob. (bnc#691365)
(CVE-2010-4756) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) -
Make addmntent return errors also for cached streams. [bnc
#676178, CVE-2011-1089] - Fix overflows in vfprintf. [bnc
#770891, CVE 2012-3406] - Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768,
CVE-2012-0864] - Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029]

Also several bugs were fixed: - Fix locking in _IO_cleanup.
(bnc#796982) - Fix memory leak in execve. (bnc#805899) -
Fix nscd timestamps in logging (bnc#783196) - Fix perl script error message (bnc#774467) - Fall back to localhost if no nameserver defined (bnc#818630) - Fix incomplete results from nscd. [bnc #753756] - Fix a deadlock in dlsym in case the symbol isn't found, for multithreaded programs. [bnc #760216] - Fix problem with TLS and dlopen.
[#732110] - Backported regex fix for skipping of valid EUC-JP matches [bnc#743689] - Fixed false regex match on incomplete chars in EUC-JP [bnc#743689] - Add glibc-pmap-timeout.diff in order to fix useless connection attempts to NFS servers. [bnc #661460]

Security Issues:

* CVE-2009-5029
>
* CVE-2010-4756
>
* CVE-2011-1089
>
* CVE-2012-0864
>
* CVE-2012-3480
>
* CVE-2013-1914
>

Affected Software/OS:
'glibc' package(s) on SUSE Linux Enterprise Server 10 SP3

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-5029
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://sourceware.org/git/?p=glibc.git;a=commit;h=97ac2654b2d831acaa18a2b018b0736245903fd2
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-4756
http://cxib.net/stuff/glob-0day.c
http://securityreason.com/exploitalert/9223
http://securityreason.com/achievement_securityalert/89
Common Vulnerability Exposure (CVE) ID: CVE-2011-1089
BugTraq ID: 46740
http://www.securityfocus.com/bid/46740
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://bugzilla.redhat.com/show_bug.cgi?id=688980
http://openwall.com/lists/oss-security/2011/03/04/11
http://openwall.com/lists/oss-security/2011/03/04/9
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/12
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/07/9
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
http://openwall.com/lists/oss-security/2011/03/15/6
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
http://openwall.com/lists/oss-security/2011/04/01/2
http://www.redhat.com/support/errata/RHSA-2011-1526.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0864
BugTraq ID: 52201
http://www.securityfocus.com/bid/52201
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
http://www.phrack.org/issues.html?issue=67&id=9#article
http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
RedHat Security Advisories: RHSA-2012:0393
http://rhn.redhat.com/errata/RHSA-2012-0393.html
RedHat Security Advisories: RHSA-2012:0397
http://rhn.redhat.com/errata/RHSA-2012-0397.html
RedHat Security Advisories: RHSA-2012:0488
http://rhn.redhat.com/errata/RHSA-2012-0488.html
RedHat Security Advisories: RHSA-2012:0531
http://rhn.redhat.com/errata/RHSA-2012-0531.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3480
BugTraq ID: 54982
http://www.securityfocus.com/bid/54982
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html
https://security.gentoo.org/glsa/201503-04
http://sourceware.org/bugzilla/show_bug.cgi?id=14459
http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html
http://www.openwall.com/lists/oss-security/2012/08/13/4
http://www.openwall.com/lists/oss-security/2012/08/13/6
http://osvdb.org/84710
RedHat Security Advisories: RHSA-2012:1207
http://rhn.redhat.com/errata/RHSA-2012-1207.html
RedHat Security Advisories: RHSA-2012:1208
http://rhn.redhat.com/errata/RHSA-2012-1208.html
RedHat Security Advisories: RHSA-2012:1262
http://rhn.redhat.com/errata/RHSA-2012-1262.html
RedHat Security Advisories: RHSA-2012:1325
http://rhn.redhat.com/errata/RHSA-2012-1325.html
http://www.securitytracker.com/id?1027374
http://secunia.com/advisories/50201
http://secunia.com/advisories/50422
http://www.ubuntu.com/usn/USN-1589-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1914
BugTraq ID: 58839
http://www.securityfocus.com/bid/58839
http://www.mandriva.com/security/advisories?name=MDVSA-2013:163
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
https://bugzilla.novell.com/show_bug.cgi?id=813121
https://bugzilla.redhat.com/show_bug.cgi?id=947882
http://www.openwall.com/lists/oss-security/2013/04/03/2
http://www.openwall.com/lists/oss-security/2013/04/03/8
http://www.openwall.com/lists/oss-security/2013/04/05/1
RedHat Security Advisories: RHSA-2013:0769
http://rhn.redhat.com/errata/RHSA-2013-0769.html
RedHat Security Advisories: RHSA-2013:1605
http://rhn.redhat.com/errata/RHSA-2013-1605.html
http://secunia.com/advisories/52817
http://secunia.com/advisories/55113
http://www.ubuntu.com/usn/USN-1991-1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.