rpm package
suse/glibc&distro=SUSE Linux Enterprise Server 11 SP3-LTSS
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11236 | — | < 2.11.3-17.110.14.1 | 2.11.3-17.110.14.1 | May 18, 2018 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra | ||
| CVE-2018-6551 | — | < 2.11.3-17.110.6.2 | 2.11.3-17.110.6.2 | Feb 2, 2018 | The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requ | ||
| CVE-2018-6485 | — | < 2.11.3-17.110.6.2 | 2.11.3-17.110.6.2 | Feb 1, 2018 | An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | ||
| CVE-2018-1000001 | — | < 2.11.3-17.110.3.1 | 2.11.3-17.110.3.1 | Jan 31, 2018 | In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | ||
| CVE-2017-15804 | Cri | 9.8 | < 2.11.3-17.110.19.2 | 2.11.3-17.110.19.2 | Oct 22, 2017 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | |
| CVE-2017-15671 | Med | 5.9 | < 2.11.3-17.110.24.2 | 2.11.3-17.110.24.2 | Oct 20, 2017 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). | |
| CVE-2017-15670 | Cri | 9.8 | < 2.11.3-17.110.19.2 | 2.11.3-17.110.19.2 | Oct 20, 2017 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | |
| CVE-2017-12132 | Med | 5.9 | < 2.11.3-17.110.6.2 | 2.11.3-17.110.6.2 | Aug 1, 2017 | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. | |
| CVE-2015-5180 | Hig | 7.5 | < 2.11.3-17.110.19.2 | 2.11.3-17.110.19.2 | Jun 27, 2017 | res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). | |
| CVE-2017-1000366 | Hig | 7.8 | < 2.11.3-17.109.1 | 2.11.3-17.109.1 | Jun 19, 2017 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulatio | |
| CVE-2017-8804 | Hig | 7.5 | < 2.11.3-17.110.6.2 | 2.11.3-17.110.6.2 | May 7, 2017 | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) v |
- CVE-2018-11236May 18, 2018affected < 2.11.3-17.110.14.1fixed 2.11.3-17.110.14.1
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra
- CVE-2018-6551Feb 2, 2018affected < 2.11.3-17.110.6.2fixed 2.11.3-17.110.6.2
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requ
- CVE-2018-6485Feb 1, 2018affected < 2.11.3-17.110.6.2fixed 2.11.3-17.110.6.2
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
- CVE-2018-1000001Jan 31, 2018affected < 2.11.3-17.110.3.1fixed 2.11.3-17.110.3.1
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
- affected < 2.11.3-17.110.19.2fixed 2.11.3-17.110.19.2
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
- affected < 2.11.3-17.110.24.2fixed 2.11.3-17.110.24.2
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
- affected < 2.11.3-17.110.19.2fixed 2.11.3-17.110.19.2
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
- affected < 2.11.3-17.110.6.2fixed 2.11.3-17.110.6.2
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
- affected < 2.11.3-17.110.19.2fixed 2.11.3-17.110.19.2
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
- affected < 2.11.3-17.109.1fixed 2.11.3-17.109.1
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulatio
- affected < 2.11.3-17.110.6.2fixed 2.11.3-17.110.6.2
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) v