[SECURITY] [DLA 494-1] eglibc security update

2016-05-3004:24:49

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Package : eglibc
Version : 2.13-38+deb7u11
CVE ID : CVE-2016-1234 CVE-2016-3075 CVE-2016-3706

Several vulnerabilities have been fixed in the Debian GNU C Library,
eglibc:

CVE-2016-1234

Alexander Cherepanov discovered that the glibc&#x27;s glob implementation
suffered from a stack-based buffer overflow when it was called with the
GLOB_ALTDIRFUNC flag and encountered a long file name.

CVE-2016-3075

The getnetbyname implementation in nss_dns was susceptible to a stack
overflow and a crash if it was invoked on a very long name.

CVE-2016-3706

Michael Petlan reported that getaddrinfo copied large amounts of address
data to the stack, possibly leading to a stack overflow. This complements
the fix for CVE-2013-4458.

For Debian 7 "Wheezy", these problems have been fixed in version
2.13-38+deb7u11.

We recommend you to upgrade your eglibc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system, and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8arm64libnss-files-udeb< 2.19-18+deb8u5libnss-files-udeb_2.19-18+deb8u5_arm64.deb
Debian7armhflocales-all< 2.13-38+deb7u11locales-all_2.13-38+deb7u11_armhf.deb
Debian8armhflibc-bin< 2.19-18+deb8u5libc-bin_2.19-18+deb8u5_armhf.deb
Debian7armellibc6-pic< 2.13-38+deb7u11libc6-pic_2.13-38+deb7u11_armel.deb
Debian8amd64libc-bin< 2.19-18+deb8u5libc-bin_2.19-18+deb8u5_amd64.deb
Debian7amd64libc6-prof< 2.13-38+deb7u11libc6-prof_2.13-38+deb7u11_amd64.deb
Debian8i386libc6-amd64< 2.19-18+deb8u5libc6-amd64_2.19-18+deb8u5_i386.deb
Debian8armhflibc6-pic< 2.19-18+deb8u5libc6-pic_2.19-18+deb8u5_armhf.deb
Debian8mipsmultiarch-support< 2.19-18+deb8u5multiarch-support_2.19-18+deb8u5_mips.deb
Debian8s390xlibnss-files-udeb< 2.19-18+deb8u5libnss-files-udeb_2.19-18+deb8u5_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	arm64	libnss-files-udeb	< 2.19-18+deb8u5	libnss-files-udeb_2.19-18+deb8u5_arm64.deb
Debian	7	armhf	locales-all	< 2.13-38+deb7u11	locales-all_2.13-38+deb7u11_armhf.deb
Debian	8	armhf	libc-bin	< 2.19-18+deb8u5	libc-bin_2.19-18+deb8u5_armhf.deb
Debian	7	armel	libc6-pic	< 2.13-38+deb7u11	libc6-pic_2.13-38+deb7u11_armel.deb
Debian	8	amd64	libc-bin	< 2.19-18+deb8u5	libc-bin_2.19-18+deb8u5_amd64.deb
Debian	7	amd64	libc6-prof	< 2.13-38+deb7u11	libc6-prof_2.13-38+deb7u11_amd64.deb
Debian	8	i386	libc6-amd64	< 2.19-18+deb8u5	libc6-amd64_2.19-18+deb8u5_i386.deb
Debian	8	armhf	libc6-pic	< 2.19-18+deb8u5	libc6-pic_2.19-18+deb8u5_armhf.deb
Debian	8	mips	multiarch-support	< 2.19-18+deb8u5	multiarch-support_2.19-18+deb8u5_mips.deb
Debian	8	s390x	libnss-files-udeb	< 2.19-18+deb8u5	libnss-files-udeb_2.19-18+deb8u5_s390x.deb