SUSE-SU-2015:0526-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150526-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0526-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0526-1
Published
2015-03-06T15:57:36Z
Modified
2015-03-06T15:57:36Z
Summary
Security update for glibc
Details

glibc has been updated to fix four security issues.

These security issues were fixed:

- CVE-2014-7817: The wordexp function in GNU C Library (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((...))' (bnc#906371).
- CVE-2015-1472: Heap buffer overflow in glibc swscanf (bnc#916222).
- CVE-2014-9402: Denial of service in getnetbyname function (bnc#910599).
- CVE-2013-7423: getaddrinfo() writes DNS queries to random file descriptors under high load (bnc#915526).

These non-security issues were fixed:

- Fix infinite loop in check_pf (bsc#909053).
- Restore warning about execution permission, it is still needed for noexec mounts (bsc#915985).
- Don't touch user-controlled stdio locks in forked child (bsc#864081).
- Don't use gcc extensions for non-gcc compilers (bsc#905313).

Affected packages

SUSE:Linux Enterprise Desktop 12 / glibc

Package

Name
glibc
Purl
purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.19-20.3

Ecosystem specific

{
    "binaries": [
        {
            "glibc-locale-32bit": "2.19-20.3",
            "glibc-devel": "2.19-20.3",
            "glibc-i18ndata": "2.19-20.3",
            "nscd": "2.19-20.3",
            "glibc-locale": "2.19-20.3",
            "glibc-32bit": "2.19-20.3",
            "glibc-devel-32bit": "2.19-20.3",
            "glibc": "2.19-20.3"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 / glibc

Package

Name
glibc
Purl
purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.19-20.3

Ecosystem specific

{
    "binaries": [
        {
            "glibc-devel-static": "2.19-20.3"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / glibc

Package

Name
glibc
Purl
purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.19-20.3

Ecosystem specific

{
    "binaries": [
        {
            "glibc-devel-32bit": "2.19-20.3",
            "glibc-html": "2.19-20.3",
            "glibc-locale-32bit": "2.19-20.3",
            "glibc-info": "2.19-20.3",
            "glibc-devel": "2.19-20.3",
            "glibc-i18ndata": "2.19-20.3",
            "glibc-profile": "2.19-20.3",
            "glibc-locale": "2.19-20.3",
            "nscd": "2.19-20.3",
            "glibc-32bit": "2.19-20.3",
            "glibc-profile-32bit": "2.19-20.3",
            "glibc": "2.19-20.3"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / glibc

Package

Name
glibc
Purl
purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.19-20.3

Ecosystem specific

{
    "binaries": [
        {
            "glibc-devel-32bit": "2.19-20.3",
            "glibc-html": "2.19-20.3",
            "glibc-locale-32bit": "2.19-20.3",
            "glibc-info": "2.19-20.3",
            "glibc-devel": "2.19-20.3",
            "glibc-i18ndata": "2.19-20.3",
            "glibc-profile": "2.19-20.3",
            "glibc-locale": "2.19-20.3",
            "nscd": "2.19-20.3",
            "glibc-32bit": "2.19-20.3",
            "glibc-profile-32bit": "2.19-20.3",
            "glibc": "2.19-20.3"
        }
    ]
}