rpm package
suse/glibc&distro=SUSE Linux Enterprise Server 11 SP2-LTSS
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8779 | Cri | 9.8 | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Apr 19, 2016 | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | |
| CVE-2015-8778 | Cri | 9.8 | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Apr 19, 2016 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor | |
| CVE-2015-8776 | Cri | 9.1 | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Apr 19, 2016 | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | |
| CVE-2014-9761 | Cri | 9.8 | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Apr 19, 2016 | Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. | |
| CVE-2015-7547 | Hig | 8.1 | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Feb 18, 2016 | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS respo | |
| CVE-2015-8777 | Med | 5.5 | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Jan 20, 2016 | The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | |
| CVE-2015-1781 | — | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Sep 28, 2015 | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call wit | ||
| CVE-2014-8121 | — | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Mar 27, 2015 | DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database w | ||
| CVE-2013-4458 | — | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Dec 12, 2013 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 | ||
| CVE-2013-2207 | — | < 2.11.3-17.45.66.1 | 2.11.3-17.45.66.1 | Oct 9, 2013 | pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
- affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
- affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memor
- affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
- affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
- affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS respo
- affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
- CVE-2015-1781Sep 28, 2015affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call wit
- CVE-2014-8121Mar 27, 2015affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database w
- CVE-2013-4458Dec 12, 2013affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6
- CVE-2013-2207Oct 9, 2013affected < 2.11.3-17.45.66.1fixed 2.11.3-17.45.66.1
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.