MGASA-2016-0079

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0079.html

Import Source

https://advisories.mageia.org/MGASA-2016-0079.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0079

Related

Published

2016-02-19T08:40:43Z

Modified

2016-02-19T08:34:55Z

Summary

Updated glibc packages fix security vulnerabilities

Details

Updated glibc fixes the following security issues:

A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code (CVE-2014-9761).

A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (CVE-2015-7547).

Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (CVE-2015-8776).

Insufficient checking of LDPOINTERGUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (CVE-2015-8777).

Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (CVE-2015-8778).

A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code (CVE-2015-8779).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / glibc

Package

Name: glibc
Purl: pkg:rpm/mageia/glibc?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.20-21.mga5

Ecosystem specific

{
    "section": "core"
}