{"id": "CVE-2014-6040", "bulletinFamily": "NVD", "title": "CVE-2014-6040", "description": "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.", "published": "2014-12-05T11:59:09", "modified": "2017-01-02T21:59:06", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6040", "reporter": "NVD", "references": ["http://ubuntu.com/usn/usn-2432-1", "http://www.securityfocus.com/bid/69472", "http://secunia.com/advisories/62146", "https://security.gentoo.org/glsa/201602-02", "http://www.openwall.com/lists/oss-security/2014/08/29/3", "http://linux.oracle.com/errata/ELSA-2015-0016.html", "http://www.debian.org/security/2015/dsa-3142", "http://secunia.com/advisories/62100", "http://www.openwall.com/lists/oss-security/2014/09/02/1", "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175", "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41488498b6", "https://sourceware.org/bugzilla/show_bug.cgi?id=17325"], "cvelist": ["CVE-2014-6040"], "type": "cve", "lastseen": "2017-04-18T15:55:14", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:gnu:glibc:2.12.1", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.17", "cpe:/a:gnu:glibc:2.12.2", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.19", "cpe:/a:gnu:glibc:2.11.3", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.15", "cpe:/a:gnu:glibc:2.16", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.12", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.18", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.11.2", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.14.1"], "cvelist": ["CVE-2014-6040"], "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.", "edition": 1, "hash": "a4424f4cb3df1fea9b2520d5ce6c782ffd09ef5bc5f7a9ff08ea9a39c8328f6f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "385846c36ff0327b15a4024c7db3aef4", "key": "title"}, {"hash": "9ca04bb93f9308d6f1f03e6e3ba5096e", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "f0b8a51791d225498f69712fa17a68a3", "key": "published"}, {"hash": "b4177d33fbb4c09abd97356b1c40c24f", "key": "description"}, {"hash": "de93cc9a7ab738b4fa317e497f955e4d", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "f223d3221a87ef321ab922a8ff624285", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "a4757f7c3d9481dcf75a8dfb9f9fbc6c", "key": "cpe"}, {"hash": "951f13cba60fa968dbf7206f94fab6ab", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6040", "id": "CVE-2014-6040", "lastseen": "2016-09-03T20:59:38", "modified": "2016-06-10T17:18:35", "objectVersion": "1.2", "published": "2014-12-05T11:59:09", "references": ["http://ubuntu.com/usn/usn-2432-1", "http://www.securityfocus.com/bid/69472", "https://security.gentoo.org/glsa/201602-02", "http://www.openwall.com/lists/oss-security/2014/08/29/3", "http://www.debian.org/security/2015/dsa-3142", "http://www.openwall.com/lists/oss-security/2014/09/02/1", "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175", "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41488498b6", "https://sourceware.org/bugzilla/show_bug.cgi?id=17325"], "reporter": "NVD", "scanner": [], "title": "CVE-2014-6040", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T20:59:38"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "a4757f7c3d9481dcf75a8dfb9f9fbc6c"}, {"key": "cvelist", "hash": "951f13cba60fa968dbf7206f94fab6ab"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "b4177d33fbb4c09abd97356b1c40c24f"}, {"key": "href", "hash": "f223d3221a87ef321ab922a8ff624285"}, {"key": "modified", "hash": "1b9f26f75ad77fde15324769ccc594e6"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "f0b8a51791d225498f69712fa17a68a3"}, {"key": "references", "hash": "b94ccac98c321e68038144ccb064cadd"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "385846c36ff0327b15a4024c7db3aef4"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d41d8dce9ad3723bf99aebbe45dd404d63115cf95c075d0049c66e53e1198e39", "viewCount": 0, "objectVersion": "1.2", "cpe": ["cpe:/a:gnu:glibc:2.12.1", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.17", "cpe:/a:gnu:glibc:2.12.2", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.19", "cpe:/a:gnu:glibc:2.11.3", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.15", "cpe:/a:gnu:glibc:2.16", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.12", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.18", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.11.2", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.14.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"vulnersScore": 2.1}}

{"result": {"f5": [{"id": "SOL16435", "type": "f5", "title": "SOL16435 - GNU C Library vulnerability CVE-2014-6040", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For additional information, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "published": "2015-04-14T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16435.html", "cvelist": ["CVE-2014-6040"], "lastseen": "2016-09-26T17:23:20"}], "nessus": [{"id": "F5_BIGIP_SOL16435.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : GNU C Library vulnerability (SOL16435)", "description": "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of '0xffff' to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.", "published": "2015-09-17T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85963", "cvelist": ["CVE-2014-6040"], "lastseen": "2016-10-31T21:24:37"}, {"id": "CENTOS_RHSA-2015-0016.NASL", "type": "nessus", "title": "CentOS 6 : glibc (CESA-2015:0016)", "description": "Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function for the AF_UNSPEC value was performed on a defective DNS server, the server in some cases responded with a valid response for the A record, but a referral response for the AAAA record, which resulted in a lookup failure. A prior update was implemented for getaddrinfo() to return the valid response, but it contained a typographical error, due to which the lookup could under some circumstances still fail. This error has been corrected and getaddrinfo() now returns a valid response in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive calls to dlopen() to terminate unexpectedly or to abort with a library assertion. This error has been fixed and recursive calls to dlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2015-01-08T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80400", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2016-09-26T17:26:16"}, {"id": "FEDORA_2015-2845.NASL", "type": "nessus", "title": "Fedora 20 : glibc-2.18-19.fc20 (2015-2845)", "description": "- Fix CVE-2014-6040: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)\n\n - Fix CVE-2014-7817: command execution in wordexp() with WRDE_NOCMD specified\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-03-05T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81616", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2016-09-26T17:24:11"}, {"id": "SL_20150305_GLIBC_ON_SL7_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL7.x x86_64", "description": "An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n - Due to problems with buffer extension and reallocation, the nscd daemon terminated unexpectedly with a segmentation fault when processing long netgroup entries. With this update, the handling of long netgroup entries has been corrected and nscd no longer crashes in the described scenario.\n\n - If a file opened in append mode was truncated with the ftruncate() function, a subsequent ftell() call could incorrectly modify the file offset. This update ensures that ftell() modifies the stream state only when it is in append mode and the buffer for the stream is not empty.\n\n - A defect in the C library headers caused builds with older compilers to generate incorrect code for the btowc() function in the older compatibility C++ standard library. Applications calling btowc() in the compatibility C++ standard library became unresponsive.\n With this update, the C library headers have been corrected, and the compatibility C++ standard library shipped with Scientific Linux has been rebuilt.\n Applications that rely on the compatibility C++ standard library no longer hang when calling btowc().\n\n - Previously, when using netgroups and the nscd daemon was set up to cache netgroup information, the sudo utility denied access to valid users. The bug in nscd has been fixed, and sudo now works in netgroups as expected.", "published": "2015-03-26T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82250", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "lastseen": "2016-09-26T17:25:03"}, {"id": "ORACLEVM_OVMSA-2015-0003.NASL", "type": "nessus", "title": "OracleVM 3.3 : glibc (OVMSA-2015-0003)", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix recursive dlopen (#1173469).\n\n - Fix typo in res_send and res_query (#rh1172023).\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1139571).\n\n - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817, #1170121).", "published": "2015-01-09T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80439", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2017-02-17T01:05:25"}, {"id": "ALA_ALAS-2015-468.NASL", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2015-468)", "description": "An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)", "published": "2015-01-09T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80419", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2016-09-26T17:25:00"}, {"id": "ORACLELINUX_ELSA-2015-0327.NASL", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2015-0327)", "description": "From Red Hat Security Advisory 2015:0327 :\n\nUpdated glibc packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n* Due to problems with buffer extension and reallocation, the nscd daemon terminated unexpectedly with a segmentation fault when processing long netgroup entries. With this update, the handling of long netgroup entries has been corrected and nscd no longer crashes in the described scenario. (BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate() function, a subsequent ftell() call could incorrectly modify the file offset. This update ensures that ftell() modifies the stream state only when it is in append mode and the buffer for the stream is not empty. (BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers to generate incorrect code for the btowc() function in the older compatibility C++ standard library. Applications calling btowc() in the compatibility C++ standard library became unresponsive. With this update, the C library headers have been corrected, and the compatibility C++ standard library shipped with Red Hat Enterprise Linux has been rebuilt. Applications that rely on the compatibility C++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to cache netgroup information, the sudo utility denied access to valid users. The bug in nscd has been fixed, and sudo now works in netgroups as expected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which fix these issues.", "published": "2015-03-10T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81722", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "lastseen": "2016-09-26T17:24:59"}, {"id": "ORACLELINUX_ELSA-2015-0016.NASL", "type": "nessus", "title": "Oracle Linux 6 : glibc (ELSA-2015-0016)", "description": "From Red Hat Security Advisory 2015:0016 :\n\nUpdated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function for the AF_UNSPEC value was performed on a defective DNS server, the server in some cases responded with a valid response for the A record, but a referral response for the AAAA record, which resulted in a lookup failure. A prior update was implemented for getaddrinfo() to return the valid response, but it contained a typographical error, due to which the lookup could under some circumstances still fail. This error has been corrected and getaddrinfo() now returns a valid response in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive calls to dlopen() to terminate unexpectedly or to abort with a library assertion. This error has been fixed and recursive calls to dlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2015-01-08T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80407", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2016-09-26T17:24:24"}, {"id": "REDHAT-RHSA-2015-0016.NASL", "type": "nessus", "title": "RHEL 6 : glibc (RHSA-2015:0016)", "description": "Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.\n\nThis update also fixes the following bugs :\n\n* Previously, when an address lookup using the getaddrinfo() function for the AF_UNSPEC value was performed on a defective DNS server, the server in some cases responded with a valid response for the A record, but a referral response for the AAAA record, which resulted in a lookup failure. A prior update was implemented for getaddrinfo() to return the valid response, but it contained a typographical error, due to which the lookup could under some circumstances still fail. This error has been corrected and getaddrinfo() now returns a valid response in the described circumstances. (BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive calls to dlopen() to terminate unexpectedly or to abort with a library assertion. This error has been fixed and recursive calls to dlopen() no longer crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2015-01-08T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80408", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2017-01-06T22:11:15"}, {"id": "REDHAT-RHSA-2015-0327.NASL", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2015:0327)", "description": "Updated glibc packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.\n(CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121)\n\nThis update also fixes the following bugs :\n\n* Due to problems with buffer extension and reallocation, the nscd daemon terminated unexpectedly with a segmentation fault when processing long netgroup entries. With this update, the handling of long netgroup entries has been corrected and nscd no longer crashes in the described scenario. (BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate() function, a subsequent ftell() call could incorrectly modify the file offset. This update ensures that ftell() modifies the stream state only when it is in append mode and the buffer for the stream is not empty. (BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers to generate incorrect code for the btowc() function in the older compatibility C++ standard library. Applications calling btowc() in the compatibility C++ standard library became unresponsive. With this update, the C library headers have been corrected, and the compatibility C++ standard library shipped with Red Hat Enterprise Linux has been rebuilt. Applications that rely on the compatibility C++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to cache netgroup information, the sudo utility denied access to valid users. The bug in nscd has been fixed, and sudo now works in netgroups as expected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which fix these issues.", "published": "2015-03-05T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81630", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "lastseen": "2017-01-06T22:10:44"}], "amazon": [{"id": "ALAS-2015-495", "type": "amazon", "title": "Medium: glibc", "description": "**Issue Overview:**\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. ([CVE-2014-6040 __](<https://access.redhat.com/security/cve/CVE-2014-6040>))\n\nIt was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. ([CVE-2014-8121 __](<https://access.redhat.com/security/cve/CVE-2014-8121>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n glibc-2.17-55.139.amzn1.i686 \n glibc-common-2.17-55.139.amzn1.i686 \n glibc-static-2.17-55.139.amzn1.i686 \n glibc-devel-2.17-55.139.amzn1.i686 \n glibc-headers-2.17-55.139.amzn1.i686 \n glibc-debuginfo-common-2.17-55.139.amzn1.i686 \n glibc-debuginfo-2.17-55.139.amzn1.i686 \n glibc-utils-2.17-55.139.amzn1.i686 \n nscd-2.17-55.139.amzn1.i686 \n \n src: \n glibc-2.17-55.139.amzn1.src \n \n x86_64: \n glibc-debuginfo-2.17-55.139.amzn1.x86_64 \n glibc-devel-2.17-55.139.amzn1.x86_64 \n glibc-headers-2.17-55.139.amzn1.x86_64 \n nscd-2.17-55.139.amzn1.x86_64 \n glibc-common-2.17-55.139.amzn1.x86_64 \n glibc-2.17-55.139.amzn1.x86_64 \n glibc-static-2.17-55.139.amzn1.x86_64 \n glibc-utils-2.17-55.139.amzn1.x86_64 \n glibc-debuginfo-common-2.17-55.139.amzn1.x86_64 \n \n \n", "published": "2015-03-23T08:30:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-495.html", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "lastseen": "2016-09-28T21:04:12"}, {"id": "ALAS-2015-468", "type": "amazon", "title": "Medium: glibc", "description": "**Issue Overview:**\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. ([CVE-2014-6040 __](<https://access.redhat.com/security/cve/CVE-2014-6040>))\n\nIt was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. ([CVE-2014-7817 __](<https://access.redhat.com/security/cve/CVE-2014-7817>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n glibc-common-2.17-55.92.amzn1.i686 \n glibc-devel-2.17-55.92.amzn1.i686 \n glibc-debuginfo-2.17-55.92.amzn1.i686 \n glibc-utils-2.17-55.92.amzn1.i686 \n glibc-debuginfo-common-2.17-55.92.amzn1.i686 \n nscd-2.17-55.92.amzn1.i686 \n glibc-static-2.17-55.92.amzn1.i686 \n glibc-headers-2.17-55.92.amzn1.i686 \n glibc-2.17-55.92.amzn1.i686 \n \n src: \n glibc-2.17-55.92.amzn1.src \n \n x86_64: \n glibc-2.17-55.92.amzn1.x86_64 \n glibc-utils-2.17-55.92.amzn1.x86_64 \n nscd-2.17-55.92.amzn1.x86_64 \n glibc-headers-2.17-55.92.amzn1.x86_64 \n glibc-static-2.17-55.92.amzn1.x86_64 \n glibc-debuginfo-2.17-55.92.amzn1.x86_64 \n glibc-debuginfo-common-2.17-55.92.amzn1.x86_64 \n glibc-common-2.17-55.92.amzn1.x86_64 \n glibc-devel-2.17-55.92.amzn1.x86_64 \n \n \n", "published": "2015-01-08T12:38:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-468.html", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2016-09-28T21:04:03"}], "openvas": [{"id": "OPENVAS:1361412562310120169", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2015-495", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120169", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "lastseen": "2017-07-24T12:53:53"}, {"id": "OPENVAS:1361412562310871331", "type": "openvas", "title": "RedHat Update for glibc RHSA-2015:0327-01", "description": "Check the version of glibc", "published": "2015-03-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871331", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "lastseen": "2017-07-27T10:52:20"}, {"id": "OPENVAS:1361412562310120455", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2015-468", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120455", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2017-07-24T12:53:21"}, {"id": "OPENVAS:1361412562310123206", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0016", "description": "Oracle Linux Local Security Checks ELSA-2015-0016", "published": "2015-10-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123206", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2017-07-24T12:53:38"}, {"id": "OPENVAS:1361412562310871301", "type": "openvas", "title": "RedHat Update for glibc RHSA-2015:0016-01", "description": "Check the version of glibc", "published": "2015-01-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871301", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2017-07-27T10:52:48"}, {"id": "OPENVAS:1361412562310882090", "type": "openvas", "title": "CentOS Update for glibc CESA-2015:0016 centos6 ", "description": "Check the version of glibc", "published": "2015-01-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882090", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2017-07-25T10:53:27"}, {"id": "OPENVAS:1361412562310850610", "type": "openvas", "title": "SuSE Update for glibc openSUSE-SU-2014:1115-1 (glibc)", "description": "Check for the Version of glibc", "published": "2014-09-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850610", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2014-0475"], "lastseen": "2017-07-26T08:48:52"}, {"id": "OPENVAS:1361412562310851101", "type": "openvas", "title": "SuSE Update for glibc SUSE-SU-2014:1129-1 (glibc)", "description": "Check the version of glibc", "published": "2015-10-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851101", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2013-4357", "CVE-2012-6656"], "lastseen": "2017-07-26T08:53:17"}, {"id": "OPENVAS:1361412562310869060", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2015-2845", "description": "Check the version of glibc", "published": "2015-03-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869060", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-0475"], "lastseen": "2017-07-25T10:52:18"}, {"id": "OPENVAS:703142", "type": "openvas", "title": "Debian Security Advisory DSA 3142-1 (eglibc - security update)", "description": "Several vulnerabilities have been\nfixed in eglibc, Debian", "published": "2015-01-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703142", "cvelist": ["CVE-2015-0235", "CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "lastseen": "2017-07-24T12:53:28"}], "centos": [{"id": "CESA-2015:0016", "type": "centos", "title": "glibc, nscd security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0016\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-January/020863.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0016.html", "published": "2015-01-07T22:45:41", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-January/020863.html", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2016-12-05T20:03:56"}, {"id": "CESA-2015:0327", "type": "centos", "title": "glibc, nscd security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0327\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/001556.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0327.html", "published": "2015-03-17T13:28:04", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/001556.html", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "lastseen": "2016-12-05T20:08:27"}], "redhat": [{"id": "RHSA-2015:0016", "type": "redhat", "title": "(RHSA-2015:0016) Moderate: glibc security and bug fix update", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the wordexp() function would perform command substitution\neven when the WRDE_NOCMD flag was specified. An attacker able to provide\nspecially crafted input to an application using the wordexp() function, and\nnot sanitizing the input correctly, could potentially use this flaw to\nexecute arbitrary commands with the credentials of the user running that\napplication. (CVE-2014-7817)\n\nThe CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat\nDeveloper Experience Team.\n\nThis update also fixes the following bugs:\n\n* Previously, when an address lookup using the getaddrinfo() function for\nthe AF_UNSPEC value was performed on a defective DNS server, the server in\nsome cases responded with a valid response for the A record, but a referral\nresponse for the AAAA record, which resulted in a lookup failure. A prior\nupdate was implemented for getaddrinfo() to return the valid response, but\nit contained a typographical error, due to which the lookup could under\nsome circumstances still fail. This error has been corrected and\ngetaddrinfo() now returns a valid response in the described circumstances.\n(BZ#1172023)\n\n* An error in the dlopen() library function previously caused recursive\ncalls to dlopen() to terminate unexpectedly or to abort with a library\nassertion. This error has been fixed and recursive calls to dlopen() no\nlonger crash or abort. (BZ#1173469)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "published": "2015-01-07T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0016", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2017-03-06T01:18:16"}, {"id": "RHSA-2015:0327", "type": "redhat", "title": "(RHSA-2015:0327) Moderate: glibc security and bug fix update", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function\nconverted certain encoded data to UTF-8. An attacker able to make an\napplication call the iconv() function with a specially crafted argument\ncould use this flaw to crash that application. (CVE-2014-6040)\n\nIt was found that the files back end of Name Service Switch (NSS) did not\nisolate iteration over an entire database from key-based look-up API calls.\nAn application performing look-ups on a database while iterating over it\ncould enter an infinite loop, leading to a denial of service.\n(CVE-2014-8121)\n\nThis update also fixes the following bugs:\n\n* Due to problems with buffer extension and reallocation, the nscd daemon\nterminated unexpectedly with a segmentation fault when processing long\nnetgroup entries. With this update, the handling of long netgroup entries\nhas been corrected and nscd no longer crashes in the described scenario.\n(BZ#1138520)\n\n* If a file opened in append mode was truncated with the ftruncate()\nfunction, a subsequent ftell() call could incorrectly modify the file\noffset. This update ensures that ftell() modifies the stream state only\nwhen it is in append mode and the buffer for the stream is not empty.\n(BZ#1156331)\n\n* A defect in the C library headers caused builds with older compilers to\ngenerate incorrect code for the btowc() function in the older compatibility C++\nstandard library. Applications calling btowc() in the compatibility C++ standard\nlibrary became unresponsive. With this update, the C library headers have been\ncorrected, and the compatibility C++ standard library shipped with Red Hat\nEnterprise Linux has been rebuilt. Applications that rely on the compatibility\nC++ standard library no longer hang when calling btowc(). (BZ#1120490)\n\n* Previously, when using netgroups and the nscd daemon was set up to cache\nnetgroup information, the sudo utility denied access to valid users. The bug in\nnscd has been fixed, and sudo now works in netgroups as\nexpected. (BZ#1080766)\n\nUsers of glibc are advised to upgrade to these updated packages, which fix these\nissues.\n", "published": "2015-03-05T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0327", "cvelist": ["CVE-2014-6040", "CVE-2014-8121"], "lastseen": "2017-07-31T10:57:41"}], "oraclelinux": [{"id": "ELSA-2015-0016", "type": "oraclelinux", "title": "glibc security and bug fix update", "description": "[2.12-1.149.4]\n- Fix recursive dlopen() (#1173469).\n[2.12-1.149.3]\n- Fix typo in res_send and res_query (#rh1172023).\n[2.12-1.149.2]\n- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1139571).\n[2.12-1.149.1]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170121).", "published": "2015-01-07T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0016.html", "cvelist": ["CVE-2014-6040", "CVE-2014-7817"], "lastseen": "2016-09-04T11:16:37"}, {"id": "ELSA-2015-0327", "type": "oraclelinux", "title": "glibc security and bug fix update", "description": "[2.17-78.0.1]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported.\n[2.17-78]\n- Fix ppc64le builds (#1077389).\n[2.17-77]\n- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183545).\n[2.17-76]\n- Fix application crashes during calls to gettimeofday on ppc64\n when kernel exports gettimeofday via VDSO (#1077389).\n- Prevent NSS-based file backend from entering infinite loop\n when different APIs request the same service (CVE-2014-8121, #1182272).\n[2.17-75]\n- Fix permission of debuginfo source files to allow multiarch\n debuginfo packages to be installed and upgraded (#1170110).\n[2.17-74]\n- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170487).\n[2.17-73]\n- ftell: seek to end only when there are unflushed bytes (#1156331).\n[2.17-72]\n- [s390] Fix up _dl_argv after adjusting arguments in _dl_start_user (#1161666).\n[2.17-71]\n- Fix incorrect handling of relocations in 64-bit LE mode for Power\n (#1162847).\n[2.17-70]\n- [s390] Retain stack alignment when skipping over loader argv (#1161666).\n[2.17-69]\n- Use __int128_t in link.h to support older compiler (#1120490).\n[2.17-68]\n- Revert to defining __extern_inline only for gcc-4.3+ (#1120490).\n[2.17-67]\n- Correct a defect in the generated math error table in the manual (#786638).\n[2.17-66]\n- Include preliminary thread, signal and cancellation safety documentation\n in manual (#786638).\n[2.17-65]\n- PowerPC 32-bit and 64-bit optimized function support using STT_GNU_IFUNC\n (#731837).\n- Support running Intel MPX-enabled applications (#1132518).\n- Support running Intel AVX-512-enabled applications (#1140272).\n[2.17-64]\n- Fix crashes on invalid input in IBM gconv modules (#1140474, CVE-2014-6040).\n[2.17-63]\n- Build build-locale-archive statically (#1070611).\n- Return failure in getnetgrent only when all netgroups have been searched\n (#1085313).\n[2.17-62]\n- Don't use alloca in addgetnetgrentX (#1138520).\n- Adjust pointers to triplets in netgroup query data (#1138520).\n[2.17-61]\n- Set CS_PATH to just /use/bin (#1124453).\n- Add systemtap probe in lll_futex_wake for ppc and s390 (#1084089).\n[2.17-60]\n- Add mmap usage to malloc_info output (#1103856).\n- Fix nscd lookup for innetgr when netgroup has wildcards (#1080766).\n- Fix memory order when reading libgcc handle (#1103874).\n- Fix typo in nscd/selinux.c (#1125306).\n- Do not fail if one of the two responses to AF_UNSPEC fails (#1098047).\n[2.17-59]\n- Provide correct buffer length to netgroup queries in nscd (#1083647).\n- Return NULL for wildcard values in getnetgrent from nscd (#1085290).\n- Avoid overlapping addresses to stpcpy calls in nscd (#1083644).\n- Initialize all of datahead structure in nscd (#1083646).\n[2.17-58]\n- Remove gconv transliteration loadable modules support (CVE-2014-5119,\n - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,\n[2.17-57]\n- Merge 64-bit ARM (AArch64) support (#1027179).\n- Fix build failure for rtkaio/tst-aiod2.c and rtkaio/tst-aiod3.c.\n[2.17-56]\n- Merge LE 64-bit POWER support (#1125513).\n[2.17-55.4]\n- Fix tst-cancel4, tst-cancelx4, tst-cancel5, and tst-cancelx5 for all targets.\n- Fix tst-ildoubl, and tst-ldouble for POWER.\n- Allow LE 64-bit POWER to build with VSX if enabled (#1124048).\n[2.17-55.3]\n- Fix ppc64le ABI issue with pthread_atfork being present in libpthread.so.0.\n[2.17-55.2]\n- Add ABI baseline for 64-bit POWER LE.\n[2.17-55.1]\n- Add 64-bit POWER LE support.", "published": "2015-03-09T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0327.html", "cvelist": ["CVE-2015-0235", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-8121", "CVE-2014-7817", "CVE-2014-0475"], "lastseen": "2016-09-04T11:16:59"}], "suse": [{"id": "OPENSUSE-SU-2014:1115-1", "type": "suse", "title": "glibc (important)", "description": "glibc was updated to fix three security issues:\n\n - A directory traversal in locale environment handling was fixed\n (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)\n\n - Disable gconv transliteration module loading which could be used for\n code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)\n\n - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,\n bnc#894553, BZ #17325)\n\n", "published": "2014-09-11T09:04:39", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00009.html", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2014-0475"], "lastseen": "2016-09-04T11:17:43"}, {"id": "SUSE-SU-2014:1129-1", "type": "suse", "title": "Security update for glibc (important)", "description": "This glibc update fixes a critical privilege escalation problem and two\n additional issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n * bnc#836746: Avoid race between {, __de}allocate_stack and\n __reclaim_stacks during fork.\n * bnc#844309: Fixed various overflows, reading large /etc/hosts or\n long names. (CVE-2013-4357)\n * bnc#894553, bnc#894556: Fixed various crashes on invalid input in\n IBM gconv modules. (CVE-2014-6040, CVE-2012-6656)\n\n Security Issues:\n\n * CVE-2012-6656\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656</a>&gt;\n * CVE-2013-4357\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357</a>&gt;\n * CVE-2014-5119\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119</a>&gt;\n * CVE-2014-6040\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040</a>&gt;\n\n", "published": "2014-09-15T19:06:41", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html", "cvelist": ["CVE-2014-5119", "CVE-2014-6040", "CVE-2013-4357", "CVE-2012-6656"], "lastseen": "2016-09-04T12:14:55"}, {"id": "SUSE-SU-2014:1128-1", "type": "suse", "title": "Security update for glibc (important)", "description": "This glibc update fixes a critical privilege escalation problem and the\n following security and non-security issues:\n\n * bnc#892073: An off-by-one error leading to a heap-based buffer\n overflow was found in __gconv_translit_find(). An exploit that\n targets the problem is publicly available. (CVE-2014-5119)\n * bnc#882600: Copy filename argument in\n posix_spawn_file_actions_addopen. (CVE-2014-4043)\n * bnc#860501: Use O_LARGEFILE for utmp file.\n * bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff.\n * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)\n * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)\n * bnc#824639: Drop lock before calling malloc_printerr.\n * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)\n * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)\n * bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv\n modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556,\n BZ#17325, BZ#14134)\n\n Security Issues:\n\n * CVE-2014-5119\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119</a>&gt;\n * CVE-2014-4043\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043</a>&gt;\n * CVE-2013-4332\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332</a>&gt;\n * CVE-2013-4237\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237</a>&gt;\n * CVE-2013-0242\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242</a>&gt;\n * CVE-2012-4412\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412</a>&gt;\n\n\n", "published": "2014-09-15T19:04:18", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00019.html", "cvelist": ["CVE-2013-0242", "CVE-2014-5119", "CVE-2014-4043", "CVE-2014-6040", "CVE-2012-4412", "CVE-2013-4332", "CVE-2012-6656", "CVE-2013-4237"], "lastseen": "2016-09-04T11:57:20"}], "ubuntu": [{"id": "USN-2432-1", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "description": "Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled \ncertain multibyte characters when using the iconv function. An attacker \ncould possibly use this issue to cause applications to crash, resulting in \na denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu \n12.04 LTS. ([CVE-2012-6656](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-6656>))\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly \nhandled certain multibyte characters when using the iconv function. An \nattacker could possibly use this issue to cause applications to crash, \nresulting in a denial of service. ([CVE-2014-6040](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6040>))\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the \nWRDE_NOCMD flag when handling the wordexp function. An attacker could \npossibly use this issue to execute arbitrary commands. ([CVE-2014-7817](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7817>))", "published": "2014-12-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/usn/usn-2432-1/", "cvelist": ["CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "lastseen": "2017-08-09T19:15:02"}], "debian": [{"id": "DSA-3142", "type": "debian", "title": "eglibc -- security update", "description": "Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:\n\n * [CVE-2015-0235](<https://security-tracker.debian.org/tracker/CVE-2015-0235>)\n\nQualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions.\n\nThe original glibc bug was reported by Peter Klotz.\n\n * [CVE-2014-7817](<https://security-tracker.debian.org/tracker/CVE-2014-7817>)\n\nTim Waugh of Red Hat discovered that the WRDE_NOCMD option of the wordexp function did not suppress command execution in all cases. This allows a context-dependent attacker to execute shell commands.\n\n * [CVE-2012-6656](<https://security-tracker.debian.org/tracker/CVE-2012-6656>) [CVE-2014-6040](<https://security-tracker.debian.org/tracker/CVE-2014-6040>)\n\nThe charset conversion code for certain IBM multi-byte code pages could perform an out-of-bounds array access, causing the process to crash. In some scenarios, this allows a remote attacker to cause a persistent denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 2.13-38+deb7u7.\n\nFor the upcoming stable distribution (jessie) and the unstable distribution (sid), the [CVE-2015-0235](<https://security-tracker.debian.org/tracker/CVE-2015-0235>) issue has been fixed in version 2.18-1 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.", "published": "2015-01-27T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3142", "cvelist": ["CVE-2015-0235", "CVE-2014-6040", "CVE-2014-7817", "CVE-2012-6656"], "lastseen": "2016-09-02T18:24:07"}], "slackware": [{"id": "SSA-2014-296-01", "type": "slackware", "title": "glibc", "description": "New glibc packages are available for Slackware 14.1 and -current to fix\nsecurity issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/glibc-2.17-i486-8_slack14.1.txz: Rebuilt.\n This update fixes several security issues, and adds an extra security\n hardening patch from Florian Weimer. Thanks to mancha for help with\n tracking and backporting patches.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040\n (* Security fix *)\npatches/packages/glibc-i18n-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-profile-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-solibs-2.17-i486-8_slack14.1.txz: Rebuilt.\npatches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz: Upgraded.\n Upgraded to tzcode2014i and tzdata2014i.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-8_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2014i-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.20-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.20-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2014i-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.20-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.20-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 packages:\n8995409d8ed617125649aaab14299f61 glibc-2.17-i486-8_slack14.1.txz\n877bba4ad31eb68c7e7cce11f6aafd5b glibc-i18n-2.17-i486-8_slack14.1.txz\nf89a9319a1798771b26488e99f0dd1af glibc-profile-2.17-i486-8_slack14.1.txz\nd1756f2721cbb2955152c46ef5fab72e glibc-solibs-2.17-i486-8_slack14.1.txz\nc7080f6d7f309ba2905dacfa555a8115 glibc-zoneinfo-2014i-noarch-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n32904ee5d2a3177d621c4c6f2aa6e67f glibc-2.17-x86_64-8_slack14.1.txz\n1bb4ddd6d4043d632e78dbf3103f2f7c glibc-i18n-2.17-x86_64-8_slack14.1.txz\ne6914d464f57ea493502eea4dd40044a glibc-profile-2.17-x86_64-8_slack14.1.txz\n04562128e188daaad7fdab49756a22f2 glibc-solibs-2.17-x86_64-8_slack14.1.txz\nc7080f6d7f309ba2905dacfa555a8115 glibc-zoneinfo-2014i-noarch-1_slack14.1.txz\n\nSlackware -current packages:\nf547fe51634c852ae17cb1f6c39203e1 a/glibc-solibs-2.20-i486-1.txz\nc7080f6d7f309ba2905dacfa555a8115 a/glibc-zoneinfo-2014i-noarch-1.txz\nf9923d8006a3c03520e93608114cb7de l/glibc-2.20-i486-1.txz\n658301364b68e79d53acb607cd399504 l/glibc-i18n-2.20-i486-1.txz\nd03947abf3d4be41f7bfb0a71bd29f35 l/glibc-profile-2.20-i486-1.txz\n\nSlackware x86_64 -current packages:\na0f46b305c27dd0c80e65cc77254bdf2 a/glibc-solibs-2.20-x86_64-1.txz\nc7080f6d7f309ba2905dacfa555a8115 a/glibc-zoneinfo-2014i-noarch-1.txz\nd673acf56308355713ac67ae68e6bd2b l/glibc-2.20-x86_64-1.txz\n410918dc8bf5b7a84d1bed5b6e125ee3 l/glibc-i18n-2.20-x86_64-1.txz\nc023f4514cd0a672e4852986c74268e6 l/glibc-profile-2.20-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg glibc-*.txz", "published": "2014-10-23T22:36:04", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.647059", "cvelist": ["CVE-2014-5119", "CVE-2014-4043", "CVE-2014-6040", "CVE-2013-4788", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4458", "CVE-2013-4237", "CVE-2014-0475"], "lastseen": "2016-09-07T19:54:44"}], "gentoo": [{"id": "GLSA-201602-02", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the GNU C Library:\n\n * The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). \n * The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). \n * An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). \n * Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). \n\nPlease review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. \n\n### Impact\n\nA remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. \n\n### Workaround\n\nA number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below. \n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.21-r2\"\n \n\nIt is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package. \n\nNote: Should you run into compilation failures while updating, please see bug 574948.", "published": "2016-02-17T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201602-02", "cvelist": ["CVE-2015-8776", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-9402", "CVE-2014-8121", "CVE-2015-8779", "CVE-2015-8778", "CVE-2014-7817", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423", "CVE-2014-0475", "CVE-2015-7547"], "lastseen": "2016-09-06T19:46:03"}]}}