[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2015-0195":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":67,"epss":9,"epss_history":68,"metrics":69,"affected":70},"MGASA-2015-0195","Updated glibc packages fix security vulnerabilities\n\nUpdated glibc package fixes security vulnerabilities:\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nIt was found that the files back end of Name Service Switch (NSS) did not\nisolate iteration over an entire database from key-based look-up API calls.\nAn application performing look-ups on a database while iterating over it\ncould enter an infinite loop, leading to a denial of service.\n(CVE-2014-8121)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nJoseph Myers discovered strxfrm is vulnerable to integer overflows\nwhen computing memory allocation sizes (similar to CVE-2012-4412)\n[BZ #16009] (CVE pending)\n\nShaun Colley discovered strxfrm falls back to an unbounded alloca if\nmalloc fails making it vulnerable to stack-based buffer overflows\n(similar to CVE-2012-4424) [BZ #16009] (CVE pending)\n\nA buffer overflow flaw was found in libio/wstrops.c:_IO_wstr_overflow \nwich allows for overflow in calculating the new size in wide characters,\nbut not for overflow in the multiplication to compute the size in bytes,\nwhich could thus overflow and result in a buffer overrun copying data\ninto the new buffer. [BZ #17269] (CVE pending)\n\nWhen processing certain malformed patterns, fnmatch can skip over the\nNUL byte terminating the pattern.  This can potentially result in an\napplication crash if fnmatch hits an unmapped page before encountering a\nNUL byte. [BZ #18032] (CVE pending)\n\nOther fixes in this update:\nnscd package was missing the /var/db/nscd directory wich prevented\nit to work properly (mga#15545).\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2013-7423",{"_key":17},"CVE-2014-8121",{"_key":19},"CVE-2015-1781",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2015-05-06T15:16:01Z","2026-04-16T06:25:55.892772452Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42,46,50,54,58,63],{"url":32,"sources":33,"tags":35},"https://advisories.mageia.org/MGASA-2015-0195.html",[34],"osv_mageia",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugs.mageia.org/show_bug.cgi?id=15800",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"https://bugs.mageia.org/show_bug.cgi?id=15545",[34],[41],{"url":47,"sources":48,"tags":49},"https://sourceware.org/bugzilla/show_bug.cgi?id=16009",[34],[41],{"url":51,"sources":52,"tags":53},"https://sourceware.org/bugzilla/show_bug.cgi?id=17269",[34],[41],{"url":55,"sources":56,"tags":57},"https://sourceware.org/bugzilla/show_bug.cgi?id=18032",[34],[41],{"url":59,"sources":60,"tags":61},"https://rhn.redhat.com/errata/RHSA-2015-0327.html",[34],[41,62],"WEB",{"url":64,"sources":65,"tags":66},"https://rhn.redhat.com/errata/RHSA-2015-0863.html",[34],[41,62],[],[],[],[71],{"ecosystem":72,"name":73,"vendor":74,"product":73,"cpe_part":9,"purl_type":75,"purl_namespace":74,"purl_name":73,"source":9,"versions":76},"Mageia","glibc","mageia","rpm",[77],{"version":78,"is_range":79,"range_type":80,"version_start":9,"version_start_type":9,"version_end":81,"version_end_type":82,"fixed_in":9},"lt2_18_9_11_mga4",true,"ecosystem","2.18-9.11.mga4","excluding"]