Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2985-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2985-1 advisory. Martin Carpenter discovered that ptchown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain...

USN-2985-1: GNU C Library vulnerabilities

Martin Carpenter discovered that ptchown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. CVE-2013-2207, CVE-2016-2856 Robin Hack discovered that the Name Service Switch NSS...

CVE-2015-8776

The strftime function in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly obtain sensitive information via an out-of-range time value...

CVE-2015-8776

The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...

UBUNTU-CVE-2015-8776

The strftime function in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly obtain sensitive information via an out-of-range time value...

GNU glibc 'strftime()' Function Memory Corruption Vulnerability

GNU glibc is an open source, free C compiler released under the LGPL license. A memory corruption vulnerability exists in the GNU glibc 'strftime' function, which could be exploited by an attacker to crash an application, resulting in a denial of service attack...

SUSE SLES11 Security Update : glibc (SUSE-SU-2016:0470-1)

This update for glibc fixes the following issues : - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses bsc961721 - CVE-2015-8777: Insufficient checking of LDPOINTERGUARD environment...

Debian DSA-3481-1 : glibc - security update

Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. - CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AFUNSPEC querie...

[SECURITY] [DSA 3481-1] glibc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3481-1 [email protected] https://www.debian.org/security/ Florian Weimer February 16, 2016 https://www.debian.org/security/faq -...

Python 3.5 time_strftime() Buffer Over-Read

Title: Python 3.5 timestrftime Buffer Over-read Credit: John Leitch [email protected], Bryce Darling [email protected] Url1: http://autosectools.com/Page/Python-timestrftime-Buffer-Over-read Url2: http://bugs.python.org/issue24917 Resolution: Fixed Python 3.5 suffers from a vulnerability...

Wireshark IPMI Dissector Denial of Service Vulnerability - Windows

Wireshark is prone to IPMI Dissector Denial of Service vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2009-4378

The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service crash via a crafted packet, related to "formatting a date/time using strftime."...

CVE-2009-4378

The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service crash via a crafted packet, related to "formatting a date/time using strftime."...

CVE-2009-4378

The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service crash via a crafted packet, related to "formatting a date/time using strftime."...

CVE-2009-4378

The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service crash via a crafted packet, related to "formatting a date/time using strftime."...