CVE-2013-7424 - Code vulnerability in GNU Glibc
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
Nessus
NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2015-1627.NASL
description: Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85459
published: 2015-08-18
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85459
title: CentOS 5 : glibc (CESA-2015:1627)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:1627 and
# CentOS Errata and Security Advisory 2015:1627 respectively.
#

include("compat.inc");

if (description)
{
  script_id(85459);
  script_version("2.5");
  script_cvs_date("Date: 2020/01/02");

  script_cve_id("CVE-2013-7424");
  script_xref(name:"RHSA", value:"2015:1627");

  script_name(english:"CentOS 5 : glibc (CESA-2015:1627)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. (CVE-2013-7424) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue."
  );
  # https://lists.centos.org/pipermail/centos-announce/2015-August/021336.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?78556401"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected glibc packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-7424");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-5", reference:"glibc-2.5-123.el5_11.3")) flag++;
if (rpm_check(release:"CentOS-5", reference:"glibc-common-2.5-123.el5_11.3")) flag++;
if (rpm_check(release:"CentOS-5", reference:"glibc-devel-2.5-123.el5_11.3")) flag++;
if (rpm_check(release:"CentOS-5", reference:"glibc-headers-2.5-123.el5_11.3")) flag++;
if (rpm_check(release:"CentOS-5", reference:"glibc-utils-2.5-123.el5_11.3")) flag++;
if (rpm_check(release:"CentOS-5", reference:"nscd-2.5-123.el5_11.3")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
}
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3169.NASL
description: Several vulnerabilities have been fixed in eglibc, Debian
last seen: 2020-03-17
modified: 2015-02-24
plugin id: 81448
published: 2015-02-24
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81448
title: Debian DSA-3169-1 : eglibc - security update
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3169. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(81448);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-3406", "CVE-2013-7424", "CVE-2014-4043", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1473");
  script_bugtraq_id(54374, 68006, 71670, 72428, 72499, 72710);
  script_xref(name:"DSA", value:"3169");

  script_name(english:"Debian DSA-3169-1 : eglibc - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library :
 - CVE-2012-3406 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
 - CVE-2013-7424 An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.
 - CVE-2014-4043 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
 - CVE-2014-9402 The getnetbyname function in glibc 2.21 or earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.
 - CVE-2015-1472 / CVE-2015-1473 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The incorrect use of '__libc_use_alloca (newsize)' caused a different (and weaker) policy to be enforced which could allow a denial of service attack."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775572"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777197"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-3406"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-3404"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-3405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-7424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-4043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9402"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-1472"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-1473"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/eglibc"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3169"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the eglibc packages. For the stable distribution (wheezy), these issues are fixed in version 2.13-38+deb7u8 of the eglibc package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"7.0", prefix:"eglibc-source", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"glibc-doc", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc-bin", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc-dev-bin", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-dbg", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-dev", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-dev-i386", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-i386", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-i686", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-pic", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc0.1-prof", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-amd64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dbg", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-amd64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-i386", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-mips64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-mipsn32", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-ppc64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-s390", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-s390x", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-dev-sparc64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-i386", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-i686", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-loongson2f", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-mips64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-mipsn32", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-pic", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-ppc64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-prof", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-s390", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-s390x", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-sparc64", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6-xen", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1-dbg", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1-dev", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1-pic", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"libc6.1-prof", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"locales", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"locales-all", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"multiarch-support", reference:"2.13-38+deb7u8")) flag++;
if (deb_check(release:"7.0", prefix:"nscd", reference:"2.13-38+deb7u8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2015-1627.NASL
description: From Red Hat Security Advisory 2015:1627 : Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85487
published: 2015-08-18
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85487
title: Oracle Linux 5 : glibc (ELSA-2015-1627)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:1627 and
# Oracle Linux Security Advisory ELSA-2015-1627 respectively.
#

include("compat.inc");

if (description)
{
  script_id(85487);
  script_version("2.10");
  script_cvs_date("Date: 2019/09/27 13:00:36");

  script_cve_id("CVE-2013-7424");
  script_xref(name:"RHSA", value:"2015:1627");

  script_name(english:"Oracle Linux 5 : glibc (ELSA-2015-1627)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2015:1627 : Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. (CVE-2013-7424) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2015-August/005348.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected glibc packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"glibc-2.5-123.0.1.el5_11.3")) flag++;
if (rpm_check(release:"EL5", reference:"glibc-common-2.5-123.0.1.el5_11.3")) flag++;
if (rpm_check(release:"EL5", reference:"glibc-devel-2.5-123.0.1.el5_11.3")) flag++;
if (rpm_check(release:"EL5", reference:"glibc-headers-2.5-123.0.1.el5_11.3")) flag++;
if (rpm_check(release:"EL5", reference:"glibc-utils-2.5-123.0.1.el5_11.3")) flag++;
if (rpm_check(release:"EL5", reference:"nscd-2.5-123.0.1.el5_11.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
}
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-1627.NASL
description: Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85442
published: 2015-08-17
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85442
title: RHEL 5 : glibc (RHSA-2015:1627)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:1627. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(85442);
  script_version("2.8");
  script_cvs_date("Date: 2019/10/24 15:35:40");

  script_cve_id("CVE-2013-7424");
  script_xref(name:"RHSA", value:"2015:1627");

  script_name(english:"RHEL 5 : glibc (RHSA-2015:1627)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated glibc packages that fix one security issue are now available for Red Hat Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. (CVE-2013-7424) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2015:1627"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-7424"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2015:1627";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"glibc-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-common-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-common-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-common-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", reference:"glibc-debuginfo-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-debuginfo-common-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", reference:"glibc-devel-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-headers-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-headers-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-headers-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-utils-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-utils-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-utils-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"nscd-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"nscd-2.5-123.el5_11.3")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"nscd-2.5-123.el5_11.3")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
  }
}

NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-165.NASL
description Several vulnerabilities have been fixed in eglibc, Debian
last seen 2020-03-17
modified 2015-03-26
plugin id 82149
published 2015-03-26
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/82149
title Debian DLA-165-1 : eglibc security update
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-165-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(82149);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4357", "CVE-2013-4458", "CVE-2013-4788", "CVE-2013-7423", "CVE-2013-7424", "CVE-2014-4043", "CVE-2015-1472", "CVE-2015-1473");
  script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 62324, 63299, 67992, 68006, 72428, 72498, 72499, 72710, 72844);

  script_name(english:"Debian DLA-165-1 : eglibc security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.

#553206 CVE-2015-1472 CVE-2015-1473 The scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.

CVE-2012-3405 The printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service.

CVE-2012-3406 The printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string.

CVE-2012-3480 Multiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

CVE-2012-4412 Integer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

CVE-2012-4424 Stack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

CVE-2013-0242 Buffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

CVE-2013-1914 CVE-2013-4458 Stack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results.

CVE-2013-4237 readdir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service.

CVE-2013-4332 Multiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions.

CVE-2013-4357 The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.

CVE-2013-4788 When the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective.

CVE-2013-7423 The send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

CVE-2013-7424 The getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

CVE-2014-4043 The posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5.

For the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/03/msg00002.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/eglibc"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-dev-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-pic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-prof");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-dns-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-files-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"6.0", prefix:"eglibc-source", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"glibc-doc", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc-bin", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc-dev-bin", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-amd64", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-dbg", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-dev", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-dev-amd64", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-dev-i386", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-i386", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-i686", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-pic", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-prof", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-udeb", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libc6-xen", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libnss-dns-udeb", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"libnss-files-udeb", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"locales", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"locales-all", reference:"2.11.3-4+deb6u5")) flag++;
if (deb_check(release:"6.0", prefix:"nscd", reference:"2.11.3-4+deb6u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family Scientific Linux Local Security Checks
NASL id SL_20150817_GLIBC_ON_SL5_X.NASL
description An invalid free flaw was found in glibc
last seen 2020-03-18
modified 2015-08-18
plugin id 85498
published 2015-08-18
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/85498
title Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20150817)

NASL family F5 Networks Local Security Checks
NASL id F5_BIGIP_SOL16472.NASL
description The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. (CVE-2013-7424)
last seen 2020-06-01
modified 2020-06-02
plugin id 82905
published 2015-04-21
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/82905
title F5 Networks BIG-IP : glibc vulnerability (K16472)

References
- http://rhn.redhat.com/errata/RHSA-2015-1627.html
- http://www.openwall.com/lists/oss-security/2015/01/29/21
- http://www.securityfocus.com/bid/72710
- https://bugzilla.redhat.com/show_bug.cgi?id=1186614
- https://bugzilla.redhat.com/show_bug.cgi?id=981942
- https://sourceware.org/bugzilla/show_bug.cgi?id=18011
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7