SUSE-SU-2015:1844-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1844-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:1844-1
- Related
- Published
- 2015-09-24T14:17:00Z
- Modified
- 2015-09-24T14:17:00Z
- Summary
- Security update for glibc
- Details
-
glibc was updated to fix bugs and security issues.
Security issues fixed:
- A buffer overflow in nss_dns was fixed that could lead to crashes. (CVE-2015-1781, bsc#927080, BZ #18287)
- A denial of service attack (out of memory) in the NSS files backend was fixed (CVE-2014-8121, bsc#918187, GLIBC BZ #18007)
Non security bugs fixed:
- Fix regression in threaded application malloc performance (bsc#915955, GLIBC#17195)
- Fix read past end of pattern in fnmatch (bsc#920338, GLIBC#17062, GLIBC#18032, GLIBC#18036)
- Record TTL also for DNS PTR queries (bsc#928723, GLIBC#18513)
- Increase MINSIGSTKSZ and SIGSTKSZ for aarch64 (bsc#931480, GLIBC#16850)
- Fix handling of IPv6 nameservers (bsc#939211, GLIBC#13028, GLIBC#17053)
- Avoid use of asm/ptrace.h (bsc#934084)
- Do not corrupt the top of a threaded heap if top chunk is MINSIZE (GLIBC#18502)
- Terminate unwinding after makecontext_ret on s390 (bsc#940332. bsc#944494, GLIBC#18508)
- Restore signal mask in set/swapcontext on s390 (bsc#940195, bsc#944494, GLIBC#18080)
- fix dlopen in static binaries (bsc#937853, GLIBC#17250)
- Properly reread entry after failure in nss_files getent function (bsc#945779, BZ #18991)
Features added:
- AVX512 support (fate#318844)
- Add compatibility symlinks for LSB 3.0 (fate#318933)
- References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20151844-1/
- https://bugzilla.suse.com/915955
- https://bugzilla.suse.com/918187
- https://bugzilla.suse.com/920338
- https://bugzilla.suse.com/927080
- https://bugzilla.suse.com/928723
- https://bugzilla.suse.com/931480
- https://bugzilla.suse.com/934084
- https://bugzilla.suse.com/937853
- https://bugzilla.suse.com/939211
- https://bugzilla.suse.com/940195
- https://bugzilla.suse.com/940332
- https://bugzilla.suse.com/944494
- https://bugzilla.suse.com/945779
- https://www.suse.com/security/cve/CVE-2014-8121
- https://www.suse.com/security/cve/CVE-2015-1781
Affected packages
SUSE:Linux Enterprise Desktop 12 / glibc
Package
- Name
- glibc
- Purl
- purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
SUSE:Linux Enterprise Software Development Kit 12 / glibc
Package
- Name
- glibc
- Purl
- purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
SUSE:Linux Enterprise Server 12 / glibc
Package
- Name
- glibc
- Purl
- purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.19-22.7.1
Ecosystem specific
{
"binaries": [
{
"glibc-devel-32bit": "2.19-22.7.1",
"glibc-html": "2.19-22.7.1",
"glibc-locale-32bit": "2.19-22.7.1",
"glibc-info": "2.19-22.7.1",
"glibc-devel": "2.19-22.7.1",
"glibc-i18ndata": "2.19-22.7.1",
"glibc-profile": "2.19-22.7.1",
"glibc-locale": "2.19-22.7.1",
"nscd": "2.19-22.7.1",
"glibc-32bit": "2.19-22.7.1",
"glibc-profile-32bit": "2.19-22.7.1",
"glibc": "2.19-22.7.1"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 12 / glibc
Package
- Name
- glibc
- Purl
- purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.19-22.7.1
Ecosystem specific
{
"binaries": [
{
"glibc-devel-32bit": "2.19-22.7.1",
"glibc-html": "2.19-22.7.1",
"glibc-locale-32bit": "2.19-22.7.1",
"glibc-info": "2.19-22.7.1",
"glibc-devel": "2.19-22.7.1",
"glibc-i18ndata": "2.19-22.7.1",
"glibc-profile": "2.19-22.7.1",
"glibc-locale": "2.19-22.7.1",
"nscd": "2.19-22.7.1",
"glibc-32bit": "2.19-22.7.1",
"glibc-profile-32bit": "2.19-22.7.1",
"glibc": "2.19-22.7.1"
}
]
}