GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

Overview The nsshostnamedigitsdots function of the GNU C Library glibc allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST". Description According to Qualys, the...

Qualys Security Advisory - glibc gethostbyname Buffer Overflow

Qualys Security Advisory CVE-2015-0235 GHOST: glibc gethostbyname buffer overflow -- Contents ---------------------------------------------------------------- 1 - Summary 2 - Analysis 3 - Mitigating factors 4 - Case studies 5 - Exploitation 6 - Acknowledgments -- 1 - Summary...

Fedora 20 : glibc-2.18-14.fc20 (2014-9824)

Locale names, including those obtained from environment variables LANG and the LC variables, are more tightly checked for proper syntax. setlocale will now fail with EINVAL for locale names that are overly long, contain slashes without starting with a slash, or contain '..' path components...

CVE-2013-4332

Multiple integer overflows in malloc/malloc.c in the GNU C Library aka glibc or libc6 2.18 and earlier allow context-dependent attackers to cause a denial of service heap corruption via a large value to the 1 pvalloc, 2 valloc, 3 posixmemalign, 4 memalign, or 5 alignedalloc functions...