rpm package
suse/glibc&distro=SUSE Linux Enterprise Server 12 SP1-LTSS
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11236 | — | < 2.19-40.16.950 | 2.19-40.16.950 | May 18, 2018 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra | ||
| CVE-2018-1000001 | — | < 2.19-40.9.5 | 2.19-40.9.5 | Jan 31, 2018 | In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | ||
| CVE-2017-15804 | Cri | 9.8 | < 2.19-40.16.950 | 2.19-40.16.950 | Oct 22, 2017 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | |
| CVE-2017-15671 | Med | 5.9 | < 2.19-40.16.950 | 2.19-40.16.950 | Oct 20, 2017 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). | |
| CVE-2017-15670 | Cri | 9.8 | < 2.19-40.16.950 | 2.19-40.16.950 | Oct 20, 2017 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. | |
| CVE-2017-12132 | Med | 5.9 | < 2.19-40.16.950 | 2.19-40.16.950 | Aug 1, 2017 | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. | |
| CVE-2017-1000366 | Hig | 7.8 | < 2.19-40.6.1 | 2.19-40.6.1 | Jun 19, 2017 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulatio |
- CVE-2018-11236May 18, 2018affected < 2.19-40.16.950fixed 2.19-40.16.950
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitra
- CVE-2018-1000001Jan 31, 2018affected < 2.19-40.9.5fixed 2.19-40.9.5
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
- affected < 2.19-40.16.950fixed 2.19-40.16.950
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
- affected < 2.19-40.16.950fixed 2.19-40.16.950
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
- affected < 2.19-40.16.950fixed 2.19-40.16.950
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
- affected < 2.19-40.16.950fixed 2.19-40.16.950
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
- affected < 2.19-40.6.1fixed 2.19-40.6.1
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulatio