123 matches found
DEBIAN-CVE-2015-8984
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read...
CVE-2015-8984
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read...
F5 Networks BIG-IP : glibc vulnerability (SOL09408132)
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than...
UBUNTU-CVE-2015-8984
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read...
CVE-2015-8984
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read...
Scientific Linux Security Update : glibc on SL7.x x86_64 (20151119)
It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...
PT-2015-7848 · Gnu +2 · Gnu C Library +2
Name of the Vulnerable Software and Affected Versions: GNU C Library versions prior to 2.22 Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, by providing a malformed pattern that triggers an out-of-bounds read in the fnmatc...
SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2015:1844-1)
glibc was updated to fix bugs and security issues. Security issues fixed: - A buffer overflow in nss_dns was fixed that could lead to crashes. (CVE-2015-1781, bsc#927080, BZ #18287) - A denial of service attack (out of memory) in the NSS files backend was fixed (CVE-2014-8121, bsc#918187, GLIBC BZ #18007)...
Debian DLA-316-1 : eglibc security update
Several vulnerabilities have been discovered in eglibc that may lead to a privilege escalation or denial of service. Glibc pointer guarding weakness: A weakness in the dynamic loader prior has been found. The issue is that the LD_POINTER_GUARD in the environment is not sanitized allowing local...
[SECURITY] [DLA 316-1] eglibc security update
Package : eglibc Version : 2.11.3-4+deb6u7 CVE ID : CVE-2014-8121 Bug-Reference : 779587 Several vulnerabilities have been discovered in eglibc that may lead to a privilege escalation or denial of service. Glibc pointer guarding weakness: A weakness in the dynamic loader prior has been found. The...
DLA-316-1 eglibc - security update
Bulletin has no description...
SUSE SLED11 / SLES11 Security Update : glibc (SUSE-SU-2015:1424-1)
This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local use...
SOL16879 - Apache Portable Runtime vulnerability CVE-2011-1928
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...
Updated glibc packages fix security vulnerabilities
Updated glibc package fixes security vulnerabilities: It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in...
GNU glibc 'fnmatch_loop.c' remote buffer overflow vulnerability
GNU glibc is an implementation of the C library for the Linux operating system. A remote buffer overflow vulnerability exists in GNU glibc 'fnmatch_loop.c', which can be exploited by an attacker to execute arbitrary code or launch a denial of service attack in the context of an affected applicatio...
F5 Networks BIG-IP : Apache vulnerability (SOL15920)
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...
GNU glibc < 2.12.2 'fnmatch()' Function Stack Corruption Vulnerability
No description provided by source. / Source: http://www.securityfocus.com/bid/46563/info GNU glibc is prone to a stack-corruption vulnerability. An attacker can exploit this issue to execute arbitrary machine code in the context of the application that uses the affected library. Failed exploit...
ESXi 5.0 < Build 515841 Multiple Vulnerabilities (remote check)
The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - A security bypass vulnerability exists in the e1000 driver in the Linux kernel due to improper handling of Ethernet frames that exceed the MTU. An unauthenticated, remote attacker can exploit this, via...
Oracle Linux 4 : php (ELSA-2008-0545)
From Red Hat Security Advisory 2008:0545 : Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
Scientific Linux Security Update : php on SL5.x i386/x86_64
It was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd and execute arbitrary commands if the PHP script was usi...