rpm package

opensuse/glibc&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/glibc&distro=openSUSE%20Tumbleweed

Vulnerabilities (95)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-5417	Hig	7.5	< 2.24-2.3	2.24-2.3	Feb 17, 2017	Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data
CVE-2016-6323	Hig	7.5	< 2.34-1.2	2.34-1.2	Oct 7, 2016	The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applicati
CVE-2016-6261	Hig	7.5	< 2.34-1.2	2.34-1.2	Sep 7, 2016	The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
CVE-2016-4429	Med	5.9	< 2.24-2.3	2.24-2.3	Jun 10, 2016	Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
CVE-2016-3706	Hig	7.5	< 2.24-2.3	2.24-2.3	Jun 10, 2016	Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an in
CVE-2016-3075	Hig	7.5	< 2.24-2.3	2.24-2.3	Jun 1, 2016	Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2016-1234	Hig	7.5	< 2.24-2.3	2.24-2.3	Jun 1, 2016	Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVE-2015-8779	Cri	9.8	< 2.24-2.3	2.24-2.3	Apr 19, 2016	Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2015-8778	Cri	9.8	< 2.24-2.3	2.24-2.3	Apr 19, 2016	Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor
CVE-2015-8776	Cri	9.1	< 2.24-2.3	2.24-2.3	Apr 19, 2016	The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2014-9761	Cri	9.8	< 2.24-2.3	2.24-2.3	Apr 19, 2016	Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-2015-7547	Hig	8.1	< 2.24-2.3	2.24-2.3	Feb 18, 2016	Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS respo
CVE-2015-8777	Med	5.5	< 2.24-2.3	2.24-2.3	Jan 20, 2016	The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
CVE-2015-1781		—	< 2.24-2.3	2.24-2.3	Sep 28, 2015	Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call wit
CVE-2015-1473		—	< 2.24-2.3	2.24-2.3	Apr 8, 2015	The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (s
CVE-2015-1472		—	< 2.24-2.3	2.24-2.3	Apr 8, 2015	The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified
CVE-2014-8121		—	< 2.24-2.3	2.24-2.3	Mar 27, 2015	DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database w
CVE-2014-9402		—	< 2.24-2.3	2.24-2.3	Feb 24, 2015	The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is
CVE-2013-7423		—	< 2.24-2.3	2.24-2.3	Feb 24, 2015	The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo fu
CVE-2014-6040		—	< 2.24-2.3	2.24-2.3	Dec 5, 2014	GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 en

CVE-2016-5417HigFeb 17, 2017
affected < 2.24-2.3fixed 2.24-2.3
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data
CVE-2016-6323HigOct 7, 2016
affected < 2.34-1.2fixed 2.34-1.2
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applicati
CVE-2016-6261HigSep 7, 2016
affected < 2.34-1.2fixed 2.34-1.2
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
CVE-2016-4429MedJun 10, 2016
affected < 2.24-2.3fixed 2.24-2.3
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
CVE-2016-3706HigJun 10, 2016
affected < 2.24-2.3fixed 2.24-2.3
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an in
CVE-2016-3075HigJun 1, 2016
affected < 2.24-2.3fixed 2.24-2.3
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2016-1234HigJun 1, 2016
affected < 2.24-2.3fixed 2.24-2.3
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVE-2015-8779CriApr 19, 2016
affected < 2.24-2.3fixed 2.24-2.3
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2015-8778CriApr 19, 2016
affected < 2.24-2.3fixed 2.24-2.3
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor
CVE-2015-8776CriApr 19, 2016
affected < 2.24-2.3fixed 2.24-2.3
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2014-9761CriApr 19, 2016
affected < 2.24-2.3fixed 2.24-2.3
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-2015-7547HigFeb 18, 2016
affected < 2.24-2.3fixed 2.24-2.3
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS respo
CVE-2015-8777MedJan 20, 2016
affected < 2.24-2.3fixed 2.24-2.3
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
CVE-2015-1781Sep 28, 2015
affected < 2.24-2.3fixed 2.24-2.3
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call wit
CVE-2015-1473Apr 8, 2015
affected < 2.24-2.3fixed 2.24-2.3
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (s
CVE-2015-1472Apr 8, 2015
affected < 2.24-2.3fixed 2.24-2.3
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified
CVE-2014-8121Mar 27, 2015
affected < 2.24-2.3fixed 2.24-2.3
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database w
CVE-2014-9402Feb 24, 2015
affected < 2.24-2.3fixed 2.24-2.3
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is
CVE-2013-7423Feb 24, 2015
affected < 2.24-2.3fixed 2.24-2.3
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo fu
CVE-2014-6040Dec 5, 2014
affected < 2.24-2.3fixed 2.24-2.3
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 en

Page 4 of 5