Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3239-2
HistoryMar 21, 2017 - 12:00 a.m.

GNU C Library Regression

2017-03-2100:00:00
ubuntu.com
47

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.7%

JSON

Releases

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • eglibc - GNU C Library
  • glibc - GNU C Library

Details

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,
the fix for CVE-2015-5180 introduced an internal ABI change within
the resolver library. This update reverts the change. We apologize
for the inconvenience.

Please note that long-running services that were restarted to compensate
for the USN-3239-1 update may need to be restarted again.

Original advisory details:

It was discovered that the GNU C Library incorrectly handled the
strxfrm() function. An attacker could use this issue to cause a denial
of service or possibly execute arbitrary code. This issue only affected
Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could
use this to cause a denial of service or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04
LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library
did not properly handle certain malformed patterns. An attacker could
use this to cause a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the
glob implementation of the GNU C Library. An attacker could use this
to specially craft a directory layout and cause a denial of service.
(CVE-2016-1234)

Florian Weimer discovered a NULL pointer dereference in the DNS
resolver of the GNU C Library. An attacker could use this to cause
a denial of service. (CVE-2015-5180)

Michael Petlan discovered an unbounded stack allocation in the
getaddrinfo() function of the GNU C Library. An attacker could use
this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc
implementation in the GNU C Library. An attacker could use this to
cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the
GNU C Library did not properly track memory allocations. An attacker
could use this to cause a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit
platforms did not properly set up execution contexts. An attacker
could use this to cause a denial of service. (CVE-2016-6323)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibc6<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchglibc-doc<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchglibc-source<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchlibc-bin<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchlibc-bin-dbgsym<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchlibc-dev-bin<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchlibc-dev-bin-dbgsym<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchlibc6-dbg<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchlibc6-dbgsym<Ā 2.23-0ubuntu7UNKNOWN
Ubuntu16.04noarchlibc6-dev<Ā 2.23-0ubuntu7UNKNOWN
Rows per page:
1-10 of 711

Related

cloudfoundry 2
nessus 45
openvas 36
ubuntu 4
ibm 13
mageia 3
archlinux 6
oraclelinux 5
photon 3
gentoo 1
altlinux 2
fedora 11
prion 10
osv 3
ubuntucve 12
f5 12
cve 10
debian 2
debiancve 10
redhatcve 4
rosalinux 1
symantec 1
android 2
veracode 1
cloudfoundry
cloudfoundry
USN-3239-2: GNU C Library Regression | Cloud Foundry
2017-03-31 00:00:00
USN-3759-1: libtirpc vulnerabilities | Cloud Foundry
2018-09-27 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : GNU C Library vulnerabilities (USN-3239-1)
2017-03-21 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : GNU C Library Regression (USN-3239-2)
2017-03-22 00:00:00
Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)
2017-03-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3239-3)
2017-03-25 00:00:00
Ubuntu: Security Advisory (USN-3239-1)
2017-03-21 00:00:00
Ubuntu: Security Advisory (USN-3239-2)
2017-03-22 00:00:00
ubuntu
ubuntu
GNU C Library regression
2017-03-24 00:00:00
GNU C Library vulnerabilities
2017-03-21 00:00:00
libtirpc vulnerabilities
2018-09-05 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple glibc vulnerabilities (CVE-2016-1234, CVE-2016-3706, CVE-2016-4429)
2018-06-18 01:34:54
Security Bulletin: Vulnerabilities in Glibc affect IBM Security Network Controller (CVE-2016-3706, CVE-2016-4429)
2018-06-16 21:49:05
Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM Security Network Active Bypass (CVE-2016-3706, CVE-2016-4429)
2018-06-16 21:49:05
mageia
mageia
Updated glibc packages fix security vulnerability
2017-03-27 16:55:27
Updated glibc packages fix security vulnerabilities
2016-05-24 01:00:58
Updated glibc and libtirpc packages fixes security vulnerability
2016-07-31 23:39:13
archlinux
archlinux
lib32-glibc: multiple issues
2016-05-13 00:00:00
glibc: multiple issues
2016-05-13 00:00:00
glibc: denial of service
2016-06-19 00:00:00
oraclelinux
oraclelinux
glibc security and bug fix update
2019-08-13 00:00:00
glibc security update
2019-08-19 00:00:00
glibc security, bug fix, and enhancement update
2020-10-06 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2017-0037
2017-04-24 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0013
2017-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2017-0088
2017-11-30 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2017-06-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package glibc version 6:2.23-alt2
2016-05-10 00:00:00
Security fix for the ALT Linux 9 package glibc version 6:2.23-alt3
2016-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: glibc-2.23.1-7.fc24
2016-05-14 23:42:24
[SECURITY] Fedora 25 Update: glibc-arm-linux-gnu-2.24-2.fc25
2016-10-14 19:54:10
[SECURITY] Fedora 26 Update: glibc-2.25-12.fc26
2017-10-25 23:16:57
prion
prion
Out-of-bounds
2017-03-20 16:59:00
Integer overflow
2017-03-20 16:59:00
Integer overflow
2017-03-15 19:59:00
osv
osv
eglibc - security update
2016-05-30 00:00:00
CVE-2016-5417
2017-02-17 02:59:13
libtirpc - security update
2020-06-28 00:00:00
ubuntucve
ubuntucve
CVE-2015-8983
2015-12-31 00:00:00
CVE-2015-8984
2015-12-31 00:00:00
CVE-2015-8982
2015-12-31 00:00:00
f5
f5
K29241247 : GNU C Library (glibc) vulnerability CVE-2015-8984
2017-04-26 00:00:00
K39204079 : GNU C Library vulnerability CVE-2015-8983
2017-04-26 00:00:00
K71877858 : glibc vulnerability CVE-2015-8982
2017-04-18 00:00:00
cve
cve
CVE-2015-8984
2017-03-20 16:59:00
CVE-2015-8983
2017-03-20 16:59:00
CVE-2015-8982
2017-03-15 19:59:00
debian
debian
[SECURITY] [DLA 494-1] eglibc security update
2016-05-30 04:24:49
[SECURITY] [DLA 2256-1] libtirpc security update
2020-06-28 12:20:53
debiancve
debiancve
CVE-2015-8983
2017-03-20 16:59:00
CVE-2015-8984
2017-03-20 16:59:00
CVE-2015-8982
2017-03-15 19:59:00
redhatcve
redhatcve
CVE-2016-5417
2016-08-02 13:18:20
CVE-2016-6323
2016-10-10 11:47:22
CVE-2016-4429
2016-05-18 11:48:33
rosalinux
rosalinux
Advisory ROSA-SA-2021-1844
2021-07-02 16:56:21
symantec
symantec
GNU glibc CVE-2015-5180 Remote Denial of Service Vulnerability
2017-06-27 00:00:00
android
android
CVE-2016-4429
2017-12-01 00:00:00
CVE-2016-3706
2017-12-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 02:50:40

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.7%

JSON
Related for USN-3239-2
cloudfoundry2nessus45openvas36ubuntu4ibm13mageia3archlinux6oraclelinux5photon3gentoo1altlinux2fedora11prion10osv3ubuntucve12f512cve10debian2debiancve10redhatcve4rosalinux1symantec1android2veracode1