Security update for glibc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1779-1 Final 1 1 2016-07-10T18:32:05Z current 2016-07-10T18:32:05Z 2016-07-10T18:32:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc provides the following fixes: - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) - Remove mtrace.1, now included in the man-pages package. (bsc#967190) This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html E-Mail link for openSUSE-SU-2016:1779-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 glibc-2.19-22.1 glibc-32bit-2.19-22.1 glibc-devel-2.19-22.1 glibc-devel-32bit-2.19-22.1 glibc-devel-static-2.19-22.1 glibc-devel-static-32bit-2.19-22.1 glibc-extra-2.19-22.1 glibc-html-2.19-22.1 glibc-i18ndata-2.19-22.1 glibc-info-2.19-22.1 glibc-locale-2.19-22.1 glibc-locale-32bit-2.19-22.1 glibc-obsolete-2.19-22.1 glibc-profile-2.19-22.1 glibc-profile-32bit-2.19-22.1 glibc-testsuite-2.19-22.2 glibc-utils-2.19-22.1 glibc-utils-32bit-2.19-22.1 nscd-2.19-22.1 glibc-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-32bit-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-devel-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-devel-32bit-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-devel-static-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-devel-static-32bit-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-extra-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-html-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-i18ndata-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-info-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-locale-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-locale-32bit-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-obsolete-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-profile-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-profile-32bit-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-testsuite-2.19-22.2 as a component of openSUSE Leap 42.1 glibc-utils-2.19-22.1 as a component of openSUSE Leap 42.1 glibc-utils-32bit-2.19-22.1 as a component of openSUSE Leap 42.1 nscd-2.19-22.1 as a component of openSUSE Leap 42.1 Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. CVE-2016-1234 openSUSE Leap 42.1:glibc-2.19-22.1 openSUSE Leap 42.1:glibc-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-devel-2.19-22.1 openSUSE Leap 42.1:glibc-devel-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-devel-static-2.19-22.1 openSUSE Leap 42.1:glibc-devel-static-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-extra-2.19-22.1 openSUSE Leap 42.1:glibc-html-2.19-22.1 openSUSE Leap 42.1:glibc-i18ndata-2.19-22.1 openSUSE Leap 42.1:glibc-info-2.19-22.1 openSUSE Leap 42.1:glibc-locale-2.19-22.1 openSUSE Leap 42.1:glibc-locale-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-obsolete-2.19-22.1 openSUSE Leap 42.1:glibc-profile-2.19-22.1 openSUSE Leap 42.1:glibc-profile-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-testsuite-2.19-22.2 openSUSE Leap 42.1:glibc-utils-2.19-22.1 openSUSE Leap 42.1:glibc-utils-32bit-2.19-22.1 openSUSE Leap 42.1:nscd-2.19-22.1 moderate 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html https://www.suse.com/security/cve/CVE-2016-1234.html CVE-2016-1234 https://bugzilla.suse.com/1020940 SUSE Bug 1020940 https://bugzilla.suse.com/969727 SUSE Bug 969727 https://bugzilla.suse.com/988770 SUSE Bug 988770 https://bugzilla.suse.com/988782 SUSE Bug 988782 https://bugzilla.suse.com/989127 SUSE Bug 989127 Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. CVE-2016-3075 openSUSE Leap 42.1:glibc-2.19-22.1 openSUSE Leap 42.1:glibc-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-devel-2.19-22.1 openSUSE Leap 42.1:glibc-devel-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-devel-static-2.19-22.1 openSUSE Leap 42.1:glibc-devel-static-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-extra-2.19-22.1 openSUSE Leap 42.1:glibc-html-2.19-22.1 openSUSE Leap 42.1:glibc-i18ndata-2.19-22.1 openSUSE Leap 42.1:glibc-info-2.19-22.1 openSUSE Leap 42.1:glibc-locale-2.19-22.1 openSUSE Leap 42.1:glibc-locale-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-obsolete-2.19-22.1 openSUSE Leap 42.1:glibc-profile-2.19-22.1 openSUSE Leap 42.1:glibc-profile-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-testsuite-2.19-22.2 openSUSE Leap 42.1:glibc-utils-2.19-22.1 openSUSE Leap 42.1:glibc-utils-32bit-2.19-22.1 openSUSE Leap 42.1:nscd-2.19-22.1 moderate 4 AV:N/AC:H/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html https://www.suse.com/security/cve/CVE-2016-3075.html CVE-2016-3075 https://bugzilla.suse.com/973164 SUSE Bug 973164 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. CVE-2016-3706 openSUSE Leap 42.1:glibc-2.19-22.1 openSUSE Leap 42.1:glibc-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-devel-2.19-22.1 openSUSE Leap 42.1:glibc-devel-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-devel-static-2.19-22.1 openSUSE Leap 42.1:glibc-devel-static-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-extra-2.19-22.1 openSUSE Leap 42.1:glibc-html-2.19-22.1 openSUSE Leap 42.1:glibc-i18ndata-2.19-22.1 openSUSE Leap 42.1:glibc-info-2.19-22.1 openSUSE Leap 42.1:glibc-locale-2.19-22.1 openSUSE Leap 42.1:glibc-locale-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-obsolete-2.19-22.1 openSUSE Leap 42.1:glibc-profile-2.19-22.1 openSUSE Leap 42.1:glibc-profile-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-testsuite-2.19-22.2 openSUSE Leap 42.1:glibc-utils-2.19-22.1 openSUSE Leap 42.1:glibc-utils-32bit-2.19-22.1 openSUSE Leap 42.1:nscd-2.19-22.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html https://www.suse.com/security/cve/CVE-2016-3706.html CVE-2016-3706 https://bugzilla.suse.com/980483 SUSE Bug 980483 https://bugzilla.suse.com/997423 SUSE Bug 997423 Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. CVE-2016-4429 openSUSE Leap 42.1:glibc-2.19-22.1 openSUSE Leap 42.1:glibc-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-devel-2.19-22.1 openSUSE Leap 42.1:glibc-devel-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-devel-static-2.19-22.1 openSUSE Leap 42.1:glibc-devel-static-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-extra-2.19-22.1 openSUSE Leap 42.1:glibc-html-2.19-22.1 openSUSE Leap 42.1:glibc-i18ndata-2.19-22.1 openSUSE Leap 42.1:glibc-info-2.19-22.1 openSUSE Leap 42.1:glibc-locale-2.19-22.1 openSUSE Leap 42.1:glibc-locale-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-obsolete-2.19-22.1 openSUSE Leap 42.1:glibc-profile-2.19-22.1 openSUSE Leap 42.1:glibc-profile-32bit-2.19-22.1 openSUSE Leap 42.1:glibc-testsuite-2.19-22.2 openSUSE Leap 42.1:glibc-utils-2.19-22.1 openSUSE Leap 42.1:glibc-utils-32bit-2.19-22.1 openSUSE Leap 42.1:nscd-2.19-22.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html https://www.suse.com/security/cve/CVE-2016-4429.html CVE-2016-4429 https://bugzilla.suse.com/1081556 SUSE Bug 1081556 https://bugzilla.suse.com/980854 SUSE Bug 980854