MiracleLinux 3 : glibc-2.5-118.3.0.1.AXS3 (AXSA:2014-522:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-522:01 advisory. Description: The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory,...

Security Bulletin: Two (2) Vulnerabilities in glibc affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems (CVE-2014-5119 and CVE-2014-0475)

Summary Vulnerabilities have been found in glibc packages, which contain standard C libraries used by multiple programs on the system. They affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 products. These vulnerabilities, if exploited, could allow execution of arbitrary code on th...

K15640: GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458

Security Advisory Description CVE-2014-0475 Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. dot dot in a 1 LC, 2 LANG, or other...

Slackware: Security Advisory (SSA:2014-296-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:0551-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2014:1027-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1552)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in GNU C Library affects IBM SmartCloud Provisioning for Software Virtual Appliance (CVE-2014-5119, CVE-2014-0475)

Summary Vulnerabilities have been identified in the GNU C Library glibc packages for the standard C and the standard math libraries on Linux systems, that affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance CVE-2014-5119, CVE-2014-0475. Vulnerability Details CVE-ID: CVE-2014-511...

Debian DLA-43-1 : eglibc security update

CVE-2014-0475 Stephane Chazelas discovered that the GNU C library, glibc, processed '..' path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings...

Fedora Update for glibc FEDORA-2015-2845

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)

The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long Orabug 19951108 - Use a /sys/devices/system/cpu/online for SCNPROCESSORSONLN implementation Orabug 17642251 Joe Jin - Fix parsing of numeric hosts ...

glibc security update

Oracle Linux 7: 2.17-55.0.4.el70.5 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. Jose E. Marchesi 2.17-55.5 - Rebuild and run regression testing...

glibc security and bug fix update

2.17-55.0.4.el70.3 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. Jose E. Marchesi 2.17-55.3 - Fix wordexp to honour WRDENOCMD CVE-2014-7817, 1170118...

OracleVM 3.3 : glibc (OVMSA-2014-0017)

The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support CVE-2014-5119, - nlfindlocale: Improve handling of crafted locale names CVE-2014-0475, - Don't use alloca in addgetnetgrentX 1087789. - Adjust...

Fedora Update for glibc FEDORA-2014-9830

Check the version of glibc SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868418";...

Fedora 19 : glibc-2.17-21.fc19 (2014-9830)

An off-by-one heap-based buffer overflow flaw was found in glibc's internal gconvtranslitfind function. An attacker able to make an application call the iconvopen function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that...

openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)

glibc was updated to fix three security issues : - A directory traversal in locale environment handling was fixed CVE-2014-0475, bnc887022, GLIBC BZ 17137 - Disable gconv transliteration module loading which could be used for code execution CVE-2014-5119, bnc892073, GLIBC BZ 17187 - Fix crashes o...

glibc (important)

glibc was updated to fix three security issues: - A directory traversal in locale environment handling was fixed CVE-2014-0475, bnc887022, GLIBC BZ 17137 - Disable gconv transliteration module loading which could be used for code execution CVE-2014-5119, bnc892073, GLIBC BZ 17187 - Fix crashes on...

Ubuntu 10.04 LTS : eglibc regression (USN-2306-3)

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the...

USN-2306-3: GNU C Library regression

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Maksymilian Arciemowicz discovered that the GNU C Library...