glibc security, bug fix, and enhancement update

2.12-1.149 - Remove gconv transliteration loadable modules support CVE-2014-5119, - nlfindlocale: Improve handling of crafted locale names CVE-2014-0475, 2.12-1.148 - Switch gettimeofday from INTUSE to libchiddenproto 1099025. 2.12-1.147 - Fix stack overflow due to large AFINET6 requests...

RedHat Update for glibc RHSA-2014:1391-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

glibc: Invalid-free when using getaddrinfo()

An invalid free flaw was found in glibc's getaddrinfo function when used with the AIIDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected...

Moderate: Red Hat Security Advisory: glibc security, bug fix, and enhancement update

Updated glibc packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detaile...

Ubuntu 10.04 LTS : eglibc regression (USN-2306-3)

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the...

USN-2306-3: GNU C Library regression

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Maksymilian Arciemowicz discovered that the GNU C Library...

Ubuntu 10.04 LTS : eglibc regression (USN-2306-2)

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon nscd, such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to b...

USN-2306-2: GNU C Library regression

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon nscd, such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to b...

USN-2306-1: GNU C Library vulnerabilities

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. CVE-2013-4357 It was discovered that the GNU C Library incorrectly handled the...

USN-2306-1 eglibc vulnerabilities

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. CVE-2013-4357 It was discovered that the GNU C Library incorrectly handled the...

Amazon Linux AMI : glibc (ALAS-2013-270)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of t...

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.18 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of AFINET6 address results. NOTE: th...

DEBIAN-CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.18 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of AFINET6 address results. NOTE: th...

Stack overflow

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.18 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of AFINET6 address results. NOTE: th...

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.18 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of AFINET6 address results. NOTE: th...

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.18 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of AFINET6 address results. NOTE: th...

CVE-2013-4458

CVE-2013-4458 describes a stack-based overflow in glibc's getaddrinfo (sysdeps/posix/getaddrinfo.c) that can cause DoS via a hostname or IP that yields many AF_INET6 results. Concrete tie-ins exist: CVE-2016-3706 notes this vulnerability exists due to an incomplete fix for CVE-2013-4458, and Debi...

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.18 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of AFINET6 address results. NOTE: th...

UBUNTU-CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.18 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of AFINET6 address results. NOTE: th...

Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20131121)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of t...