glibc has been updated to fix four security issues.
These security issues were fixed:
- CVE-2014-7817: The wordexp function in GNU C Library (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((...))' (bnc#906371).
- CVE-2015-1472: Heap buffer overflow in glibc swscanf (bnc#916222).
- CVE-2014-9402: Denial of service in getnetbyname function (bnc#910599).
- CVE-2013-7423: getaddrinfo() writes DNS queries to random file descriptors under high load (bnc#915526).

These non-security issues were fixed:
- Fix infinite loop in check_pf (bsc#909053).
- Restore warning about execution permission, it is still needed for noexec mounts (bsc#915985).
- Don't touch user-controlled stdio locks in forked child (bsc#864081).
- Don't use gcc extensions for non-gcc compilers (bsc#905313).
{
"binaries": [
{
"nscd": "2.19-20.3",
"glibc-locale-32bit": "2.19-20.3",
"glibc-locale": "2.19-20.3",
"glibc-32bit": "2.19-20.3",
"glibc-profile": "2.19-20.3",
"glibc": "2.19-20.3",
"glibc-html": "2.19-20.3",
"glibc-devel": "2.19-20.3",
"glibc-profile-32bit": "2.19-20.3",
"glibc-devel-32bit": "2.19-20.3",
"glibc-i18ndata": "2.19-20.3",
"glibc-info": "2.19-20.3"
}
]
}