Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.
3be887081cfadc048cd5dd2fed5fc98110f1b24cf929e8adeeecd9c308657613VMware Security Advisory 2014-0008 - VMware has updated vSphere third party libraries.
961f1fa58ab6b80903bbc3ac882d262194e375452629d457597ffbc1b2b2c93cRed Hat Security Advisory 2013-1605-02 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
daf7b810ca339f4203738b3d995a41e50c8f3237d997d559ea32ef846fec988dUbuntu Security Notice 1991-1 - It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.
9a3faf4d014c0ecc32760724cade9dbcc4a41d949e21274c41bba46d64866b9fMandriva Linux Security Advisory 2013-163 - Buffer overflow in the extend_buffers function in the regular expression matcher in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service via crafted multibyte characters. Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library 2.17 and earlier allows remote attackers to cause a denial of service IP address that triggers a large number of domain conversion results. The updated packages have been patched to correct these issues.
0c0dd5bf03cefdee86dada6681973cbcc099724cc828fc09ee23d8df4de3e2d2Mandriva Linux Security Advisory 2013-162 - Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. Various other issues were also addressed. The updated packages have been patched to correct these issues.
813cdf2b71f75914d833c5f26c1da07143f7dab6acfaf1fa4b28d8655d95c6f1Red Hat Security Advisory 2013-0769-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.
64eb4276f4d6cab98919cfe1cf17b4bde978777315cfe94bc872ef3f95bb94df
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed