SUSE-SU-2015:1424-1
Vulnerability Summary
Timeline
Description
Security update for glibc This update for glibc provides fixes for security and non-security issues. These security issues have been fixed: - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338) These non-security issues have been fixed: - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286)
Affected Systems
- suse•glibc&distro=SUSE Linux Enterprise Desktop 11 SP3
< 2.11.3-17.87.3
- suse•glibc&distro=SUSE Linux Enterprise Desktop 11 SP4
< 2.11.3-17.87.3
- suse•glibc&distro=SUSE Linux Enterprise Server 11 SP3
< 2.11.3-17.87.3
- suse•glibc&distro=SUSE Linux Enterprise Server 11 SP3-TERADATA
< 2.11.3-17.87.3
- suse•glibc&distro=SUSE Linux Enterprise Server 11 SP4
< 2.11.3-17.87.3
- suse•glibc&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP3
< 2.11.3-17.87.3
- suse•glibc&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 2.11.3-17.87.3
- suse•glibc&distro=SUSE Linux Enterprise Software Development Kit 11 SP3
< 2.11.3-17.87.3
- suse•glibc&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
< 2.11.3-17.87.3
References (14)
- https://www.suse.com/support/update/announcement/2015/suse-su-20151424-1/
- https://bugzilla.suse.com/830257
- https://bugzilla.suse.com/851280
- https://bugzilla.suse.com/918187
- https://bugzilla.suse.com/920338
- https://bugzilla.suse.com/927080
- https://bugzilla.suse.com/928723
- https://bugzilla.suse.com/932059
- https://bugzilla.suse.com/933770
- https://bugzilla.suse.com/933903
- https://bugzilla.suse.com/935286
- https://www.suse.com/security/cve/CVE-2013-2207
- https://www.suse.com/security/cve/CVE-2014-8121
- https://www.suse.com/security/cve/CVE-2015-1781