rpm package

suse/glibc&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (25)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-11236		—	< 2.11.3-17.110.14.1	2.11.3-17.110.14.1	May 18, 2018	stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra
CVE-2018-6551		—	< 2.11.3-17.110.6.2	2.11.3-17.110.6.2	Feb 2, 2018	The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requ
CVE-2018-6485		—	< 2.11.3-17.110.6.2	2.11.3-17.110.6.2	Feb 1, 2018	An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
CVE-2018-1000001		—	< 2.11.3-17.110.3.1	2.11.3-17.110.3.1	Jan 31, 2018	In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2017-15804	Cri	9.8	< 2.11.3-17.110.19.2	2.11.3-17.110.19.2	Oct 22, 2017	The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
CVE-2017-15671	Med	5.9	< 2.11.3-17.110.24.2	2.11.3-17.110.24.2	Oct 20, 2017	The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
CVE-2017-15670	Cri	9.8	< 2.11.3-17.110.19.2	2.11.3-17.110.19.2	Oct 20, 2017	The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
CVE-2017-12133	Med	5.9	< 2.11.3-17.110.9.2	2.11.3-17.110.9.2	Sep 7, 2017	Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
CVE-2017-12132	Med	5.9	< 2.11.3-17.110.6.2	2.11.3-17.110.6.2	Aug 1, 2017	The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
CVE-2015-5180	Hig	7.5	< 2.11.3-17.110.19.2	2.11.3-17.110.19.2	Jun 27, 2017	res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
CVE-2017-1000366	Hig	7.8	< 2.11.3-17.109.1	2.11.3-17.109.1	Jun 19, 2017	glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulatio
CVE-2017-8804	Hig	7.5	< 2.11.3-17.110.6.2	2.11.3-17.110.6.2	May 7, 2017	The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) v
CVE-2016-4429	Med	5.9	< 2.11.3-17.102.1	2.11.3-17.102.1	Jun 10, 2016	Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
CVE-2016-3706	Hig	7.5	< 2.11.3-17.102.1	2.11.3-17.102.1	Jun 10, 2016	Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an in
CVE-2016-3075	Hig	7.5	< 2.11.3-17.102.1	2.11.3-17.102.1	Jun 1, 2016	Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2016-1234	Hig	7.5	< 2.11.3-17.102.1	2.11.3-17.102.1	Jun 1, 2016	Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVE-2015-8779	Cri	9.8	< 2.11.3-17.95.2	2.11.3-17.95.2	Apr 19, 2016	Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2015-8778	Cri	9.8	< 2.11.3-17.95.2	2.11.3-17.95.2	Apr 19, 2016	Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor
CVE-2015-8776	Cri	9.1	< 2.11.3-17.95.2	2.11.3-17.95.2	Apr 19, 2016	The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2014-9761	Cri	9.8	< 2.11.3-17.95.2	2.11.3-17.95.2	Apr 19, 2016	Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

CVE-2018-11236May 18, 2018
affected < 2.11.3-17.110.14.1fixed 2.11.3-17.110.14.1
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra
CVE-2018-6551Feb 2, 2018
affected < 2.11.3-17.110.6.2fixed 2.11.3-17.110.6.2
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requ
CVE-2018-6485Feb 1, 2018
affected < 2.11.3-17.110.6.2fixed 2.11.3-17.110.6.2
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
CVE-2018-1000001Jan 31, 2018
affected < 2.11.3-17.110.3.1fixed 2.11.3-17.110.3.1
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2017-15804CriOct 22, 2017
affected < 2.11.3-17.110.19.2fixed 2.11.3-17.110.19.2
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
CVE-2017-15671MedOct 20, 2017
affected < 2.11.3-17.110.24.2fixed 2.11.3-17.110.24.2
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
CVE-2017-15670CriOct 20, 2017
affected < 2.11.3-17.110.19.2fixed 2.11.3-17.110.19.2
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
CVE-2017-12133MedSep 7, 2017
affected < 2.11.3-17.110.9.2fixed 2.11.3-17.110.9.2
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
CVE-2017-12132MedAug 1, 2017
affected < 2.11.3-17.110.6.2fixed 2.11.3-17.110.6.2
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
CVE-2015-5180HigJun 27, 2017
affected < 2.11.3-17.110.19.2fixed 2.11.3-17.110.19.2
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
CVE-2017-1000366HigJun 19, 2017
affected < 2.11.3-17.109.1fixed 2.11.3-17.109.1
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulatio
CVE-2017-8804HigMay 7, 2017
affected < 2.11.3-17.110.6.2fixed 2.11.3-17.110.6.2
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) v
CVE-2016-4429MedJun 10, 2016
affected < 2.11.3-17.102.1fixed 2.11.3-17.102.1
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
CVE-2016-3706HigJun 10, 2016
affected < 2.11.3-17.102.1fixed 2.11.3-17.102.1
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an in
CVE-2016-3075HigJun 1, 2016
affected < 2.11.3-17.102.1fixed 2.11.3-17.102.1
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2016-1234HigJun 1, 2016
affected < 2.11.3-17.102.1fixed 2.11.3-17.102.1
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
CVE-2015-8779CriApr 19, 2016
affected < 2.11.3-17.95.2fixed 2.11.3-17.95.2
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2015-8778CriApr 19, 2016
affected < 2.11.3-17.95.2fixed 2.11.3-17.95.2
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor
CVE-2015-8776CriApr 19, 2016
affected < 2.11.3-17.95.2fixed 2.11.3-17.95.2
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2014-9761CriApr 19, 2016
affected < 2.11.3-17.95.2fixed 2.11.3-17.95.2
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Page 1 of 2