ID CVE-2012-0864
Summary Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
References
Vulnerable Configurations
  • GNU glibc 2.14
    cpe:2.3:a:gnu:glibc:2.14
CVSS
Base: 6.8 (as of 03-05-2013 - 09:44)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0013.NASL
    description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 61747
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61747
    title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0393.NASL
    description From Red Hat Security Advisory 2012:0393 : Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) This update also fixes the following bugs : * Previously, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. This could result in incorrect ordering of DSO constructors and destructors. With this update, dependency resolution has been fixed. (BZ#783999) * Previously, locking of the main malloc arena was incorrect in the retry path. This could result in a deadlock if an sbrk request failed. With this update, locking of the main arena in the retry path has been fixed. This issue was exposed by a bug fix provided in the RHSA-2012:0058 update. (BZ#795328) * Calling memcpy with overlapping arguments on certain processors would generate unexpected results. While such code is a clear violation of ANSI/ISO standards, this update restores prior memcpy behavior. (BZ#799259) All users of glibc are advised to upgrade to these updated packages, which contain patches to resolve these issues.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 68497
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68497
    title Oracle Linux 6 : glibc (ELSA-2012-0393)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-2162.NASL
    description Avoid 'nargs' integer overflow which can be used to bypass FORTIFY_SOURCE protections. Revert changes for 552960, they're still causing problems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-20
    plugin id 58124
    published 2012-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58124
    title Fedora 16 : glibc-2.14.90-24.fc16.6 (2012-2162)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2013-1287-1.NASL
    description This collective update for the GNU C library (glibc) provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fixed another stack overflow in getaddrinfo with many results (bnc#828637) - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) Make addmntent return errors also for cached streams. [bnc #676178, CVE-2011-1089] - Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406] - Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768, CVE-2012-0864] - Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029] Also several bugs were fixed : - Fix locking in _IO_cleanup. (bnc#796982) - Fix memory leak in execve. (bnc#805899) Fix nscd timestamps in logging (bnc#783196) - Fix perl script error message (bnc#774467) - Fall back to localhost if no nameserver defined (bnc#818630) - Fix incomplete results from nscd. [bnc #753756] - Fix a deadlock in dlsym in case the symbol isn't found, for multithreaded programs. [bnc #760216] - Fix problem with TLS and dlopen. [#732110] - Backported regex fix for skipping of valid EUC-JP matches [bnc#743689] - Fixed false regex match on incomplete chars in EUC-JP [bnc#743689] - Add glibc-pmap-timeout.diff in order to fix useless connection attempts to NFS servers. [bnc #661460] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-31
    plugin id 83597
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83597
    title SUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-2123.NASL
    description Various bugfixes and security enhancements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-20
    plugin id 58157
    published 2012-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58157
    title Fedora 17 : glibc-2.15-23.fc17 (2012-2123)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0397.NASL
    description From Red Hat Security Advisory 2012:0397 : Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 68498
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68498
    title Oracle Linux 5 : glibc (ELSA-2012-0397)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0397.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
    last seen 2018-09-01
    modified 2018-07-02
    plugin id 58403
    published 2012-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58403
    title CentOS 5 : glibc (CESA-2012:0397)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL
    description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064) - An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830) - An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089) - An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202) - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102) - An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970) - An error exists in the glibc library in the svc_run() function that allows a denial of service. (CVE-2011-4609) - An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864) - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807) - Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871) - A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution. (CVE-2012-2870) - Multiple format string error exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) - Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480) - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134) - An arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)
    last seen 2018-09-01
    modified 2018-08-06
    plugin id 70886
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70886
    title ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0488.NASL
    description An updated rhev-hypervisor5 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-1583 (kernel issue) CVE-2011-3045 (libpng issue) CVE-2012-0884 and CVE-2012-1165 (openssl issues) Further information on the changes made to the package is available on the relevant errata : https://rhn.redhat.com/errata/RHBA-2012-0398.html Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2018-09-01
    modified 2018-07-25
    plugin id 79286
    published 2014-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79286
    title RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120319_GLIBC_ON_SL5_X.NASL
    description The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
    last seen 2018-09-02
    modified 2013-05-04
    plugin id 61285
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61285
    title Scientific Linux Security Update : glibc on SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120315_GLIBC_ON_SL6_X.NASL
    description The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) This update also fixes the following bugs : - Previously, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. This could result in incorrect ordering of DSO constructors and destructors. With this update, dependency resolution has been fixed. - Previously, locking of the main malloc arena was incorrect in the retry path. This could result in a deadlock if an sbrk request failed. With this update, locking of the main arena in the retry path has been fixed. This issue was exposed by a bug fix provided in a previous update. - Calling memcpy with overlapping arguments on certain processors would generate unexpected results. While such code is a clear violation of ANSI/ISO standards, this update restores prior memcpy behavior. All users of glibc are advised to upgrade to these updated packages, which contain patches to resolve these issues.
    last seen 2018-09-01
    modified 2013-05-04
    plugin id 61284
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61284
    title Scientific Linux Security Update : glibc on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-2144.NASL
    description Avoid 'nargs' integer overflow which can be used to bypass FORTIFY_SOURCE protections. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-20
    plugin id 58278
    published 2012-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58278
    title Fedora 15 : glibc-2.14.1-6 (2012-2144)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0393.NASL
    description Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) This update also fixes the following bugs : * Previously, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. This could result in incorrect ordering of DSO constructors and destructors. With this update, dependency resolution has been fixed. (BZ#783999) * Previously, locking of the main malloc arena was incorrect in the retry path. This could result in a deadlock if an sbrk request failed. With this update, locking of the main arena in the retry path has been fixed. This issue was exposed by a bug fix provided in the RHSA-2012:0058 update. (BZ#795328) * Calling memcpy with overlapping arguments on certain processors would generate unexpected results. While such code is a clear violation of ANSI/ISO standards, this update restores prior memcpy behavior. (BZ#799259) All users of glibc are advised to upgrade to these updated packages, which contain patches to resolve these issues.
    last seen 2018-09-02
    modified 2018-07-25
    plugin id 58361
    published 2012-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58361
    title RHEL 6 : glibc (RHSA-2012:0393)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0393.NASL
    description Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) This update also fixes the following bugs : * Previously, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. This could result in incorrect ordering of DSO constructors and destructors. With this update, dependency resolution has been fixed. (BZ#783999) * Previously, locking of the main malloc arena was incorrect in the retry path. This could result in a deadlock if an sbrk request failed. With this update, locking of the main arena in the retry path has been fixed. This issue was exposed by a bug fix provided in the RHSA-2012:0058 update. (BZ#795328) * Calling memcpy with overlapping arguments on certain processors would generate unexpected results. While such code is a clear violation of ANSI/ISO standards, this update restores prior memcpy behavior. (BZ#799259) All users of glibc are advised to upgrade to these updated packages, which contain patches to resolve these issues.
    last seen 2018-09-01
    modified 2018-07-02
    plugin id 58390
    published 2012-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58390
    title CentOS 6 : glibc (CESA-2012:0393)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL
    description The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the '--verify' option is used. A remote attacker can exploit this by using a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. (CVE-2010-0830) - A flaw exists in OpenSSL due to a failure to properly prevent modification of the ciphersuite in the session cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. A remote attacker can exploit this to force a downgrade to an unintended cipher by intercepting the network traffic to discover a session identifier. (CVE-2010-4180) - A flaw exists in OpenSSL due to a failure to properly validate the public parameters in the J-PAKE protocol when J-PAKE is enabled. A remote attacker can exploit this, by sending crafted values in each round of the protocol, to bypass the need for knowledge of the shared secret. (CVE-2010-4252) - A out-of-bounds memory error exists in OpenSSL that allows a remote attacker to cause a denial of service or possibly obtain sensitive information by using a malformed ClientHello handshake message. This is also known as the 'OCSP stapling vulnerability'. (CVE-2011-0014) - A flaw exists in the addmntent() function in the glibc library due to a failure to report the error status for failed attempts to write to the /etc/mtab file. A local attacker can exploit this to corrupt the file by using writes from a process with a small RLIMIT_FSIZE value. (CVE-2011-1089) - A flaw exists in the png_set_text_2() function in the file pngset.c in the libpng library due to a failure to properly allocate memory. An unauthenticated, remote attacker can exploit this, via a crafted text chunk in a PNG image file, to trigger a heap-based buffer overflow, resulting in denial of service or the execution of arbitrary code. (CVE-2011-3048) - A flaw exists in the DTLS implementation in OpenSSL due to performing a MAC check only if certain padding is valid. A remote attacker can exploit this, via a padding oracle attack, to recover the plaintext. (CVE-2011-4108) - A double-free error exists in OpenSSL when the X509_V_FLAG_POLICY_CHECK is enabled. A remote attacker can exploit this by triggering a policy check failure, resulting in an unspecified impact. (CVE-2011-4109) - A flaw exists in OpenSSL in the SSL 3.0 implementation due to improper initialization of data structures used for block cipher padding. A remote attacker can exploit this, by decrypting the padding data sent by an SSL peer, to obtain sensitive information. (CVE-2011-4576) - A denial of service vulnerability exists in OpenSSL when RFC 3779 support is enabled. A remote attacker can exploit this to cause an assertion failure, by using an X.509 certificate containing certificate extension data associated with IP address blocks or Autonomous System (AS) identifiers. (CVE-2011-4577) - A denial of service vulnerability exists in the RPC implementation in the glibc library due to a flaw in the svc_run() function. A remote attacker can exploit this, via large number of RPC connections, to exhaust CPU resources. (CVE-2011-4609) - A denial of service vulnerability exists in the Server Gated Cryptography (SGC) implementation in OpenSSL due to a failure to properly handle handshake restarts. A remote attacker can exploit this, via unspecified vectors, to exhaust CPU resources. (CVE-2011-4619) - A denial of service vulnerability exists in OpenSSL due to improper support of DTLS applications. A remote attacker can exploit this, via unspecified vectors related to an out-of-bounds read error. Note that this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050) - A security bypass vulnerability exists in the glibc library due to an integer overflow condition in the vfprintf() function in file stdio-common/vfprintf.c. An attacker can exploit this, by using a large number of arguments, to bypass the FORTIFY_SOURCE protection mechanism, allowing format string attacks or writing to arbitrary memory. (CVE-2012-0864) - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string that uses positional parameters and many format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus causing stack corruption and a crash. (CVE-2012-3404) - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string with a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering desynchronization within the buffer size handling, resulting in a segmentation fault and crash. (CVE-2012-3405) - A flaw exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly restrict the use of the alloca() function when allocating the SPECS array. An attacker can exploit this, via a crafted format string using positional parameters and a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering a denial of service or the possible execution of arbitrary code. (CVE-2012-3406) - A flaw exists in the glibc library due to multiple integer overflow conditions in the strtod(), strtof(), strtold(), strtod_l(), and other unspecified related functions. A local attacker can exploit these to trigger a stack-based buffer overflow, resulting in an application crash or the possible execution of arbitrary code. (CVE-2012-3480) - A privilege escalation vulnerability exists in the Virtual Machine Communication Interface (VMCI) due to a failure by control code to properly restrict memory allocation. A local attacker can exploit this, via unspecified vectors, to gain privileges. (CVE-2013-1406) - An error exists in the implementation of the Network File Copy (NFC) protocol. A man-in-the-middle attacker can exploit this, by modifying the client-server data stream, to cause a denial of service or the execution of arbitrary code. (CVE-2013-1659)
    last seen 2018-09-02
    modified 2018-08-06
    plugin id 70885
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70885
    title ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0397.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
    last seen 2018-09-01
    modified 2018-07-25
    plugin id 58394
    published 2012-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58394
    title RHEL 5 : glibc (RHSA-2012:0397)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0531.NASL
    description An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues) CVE-2012-0884 and CVE-2012-1165 (openssl issues) CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues) This update also fixes the following bug : * The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver. (BZ#809463) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2018-09-14
    modified 2018-09-12
    plugin id 78922
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78922
    title RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201312-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201312-01 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker could trigger vulnerabilities in dynamic library loader, making it possible to load attacker-controlled shared objects during execution of setuid/setgid programs to escalate privileges. A context-dependent attacker could trigger various vulnerabilities in GNU C Library, including a buffer overflow, leading to execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2018-07-12
    plugin id 71167
    published 2013-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71167
    title GLSA-201312-01 : GNU C Library: Multiple vulnerabilities
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen 2018-09-01
    modified 2018-08-16
    plugin id 89038
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89038
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0018.NASL
    description a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480 to these issues. d. vCenter Server and vCSA webservice logging denial of service The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue.
    last seen 2018-09-01
    modified 2018-08-06
    plugin id 63332
    published 2012-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63332
    title VMSA-2012-0018 : VMware security updates for vCSA and ESXi
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-57.NASL
    description An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864)
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 69664
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69664
    title Amazon Linux AMI : glibc (ALAS-2012-57)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1396-1.NASL
    description It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. (CVE-2009-5029) It was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-0015) Chris Evans reported that the GNU C Library did not properly calculate the amount of memory to allocate in the fnmatch() code. An attacker could use this to cause a denial of service or possibly execute arbitrary code via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1071) Tomas Hoger reported that an additional integer overflow was possible in the GNU C Library fnmatch() code. An attacker could use this to cause a denial of service via a maliciously crafted UTF-8 string. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1659) Dan Rosenberg discovered that the addmntent() function in the GNU C Library did not report an error status for failed attempts to write to the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, possibly causing a denial of service or otherwise manipulate mount options. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1089) Harald van Dijk discovered that the locale program included with the GNU C library did not properly quote its output. This could allow a local attacker to possibly execute arbitrary code using a crafted localization string that was evaluated in a shell script. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-1095) It was discovered that the GNU C library loader expanded the $ORIGIN dynamic string token when RPATH is composed entirely of this token. This could allow an attacker to gain privilege via a setuid program that had this RPATH value. (CVE-2011-1658) It was discovered that the GNU C library implementation of memcpy optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) contained a possible integer overflow. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-2702) John Zimmerman discovered that the Remote Procedure Call (RPC) implementation in the GNU C Library did not properly handle large numbers of connections. This could allow a remote attacker to cause a denial of service. (CVE-2011-4609) It was discovered that the GNU C Library vfprintf() implementation contained a possible integer overflow in the format string protection code offered by FORTIFY_SOURCE. An attacker could use this flaw in conjunction with a format string vulnerability to bypass the format string protection and possibly execute arbitrary code. (CVE-2012-0864). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-01
    plugin id 58318
    published 2012-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58318
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : eglibc, glibc vulnerabilities (USN-1396-1)
redhat via4
advisories
  • bugzilla
    id 799259
    title Change in memcpy behavior for overlapping arguments breaks existing applications
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment glibc-devel is earlier than 0:2.12-1.47.el6_2.9
          oval oval:com.redhat.rhsa:tst:20120393017
        • comment glibc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872018
      • AND
        • comment glibc-utils is earlier than 0:2.12-1.47.el6_2.9
          oval oval:com.redhat.rhsa:tst:20120393007
        • comment glibc-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872014
      • AND
        • comment glibc is earlier than 0:2.12-1.47.el6_2.9
          oval oval:com.redhat.rhsa:tst:20120393005
        • comment glibc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872006
      • AND
        • comment nscd is earlier than 0:2.12-1.47.el6_2.9
          oval oval:com.redhat.rhsa:tst:20120393013
        • comment nscd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872016
      • AND
        • comment glibc-static is earlier than 0:2.12-1.47.el6_2.9
          oval oval:com.redhat.rhsa:tst:20120393011
        • comment glibc-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872008
      • AND
        • comment glibc-common is earlier than 0:2.12-1.47.el6_2.9
          oval oval:com.redhat.rhsa:tst:20120393009
        • comment glibc-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872012
      • AND
        • comment glibc-headers is earlier than 0:2.12-1.47.el6_2.9
          oval oval:com.redhat.rhsa:tst:20120393015
        • comment glibc-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872010
    rhsa
    id RHSA-2012:0393
    released 2012-03-15
    severity Moderate
    title RHSA-2012:0393: glibc security and bug fix update (Moderate)
  • bugzilla
    id 794766
    title integer overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment glibc is earlier than 0:2.5-81.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120397002
        • comment glibc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787003
      • AND
        • comment glibc-common is earlier than 0:2.5-81.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120397010
        • comment glibc-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787009
      • AND
        • comment glibc-devel is earlier than 0:2.5-81.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120397008
        • comment glibc-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787007
      • AND
        • comment glibc-headers is earlier than 0:2.5-81.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120397006
        • comment glibc-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787013
      • AND
        • comment glibc-utils is earlier than 0:2.5-81.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120397004
        • comment glibc-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787005
      • AND
        • comment nscd is earlier than 0:2.5-81.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120397012
        • comment nscd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787011
    rhsa
    id RHSA-2012:0397
    released 2012-03-19
    severity Moderate
    title RHSA-2012:0397: glibc security update (Moderate)
  • rhsa
    id RHSA-2012:0488
  • rhsa
    id RHSA-2012:0531
rpms
  • glibc-devel-0:2.12-1.47.el6_2.9
  • glibc-utils-0:2.12-1.47.el6_2.9
  • glibc-0:2.12-1.47.el6_2.9
  • nscd-0:2.12-1.47.el6_2.9
  • glibc-static-0:2.12-1.47.el6_2.9
  • glibc-common-0:2.12-1.47.el6_2.9
  • glibc-headers-0:2.12-1.47.el6_2.9
  • glibc-0:2.5-81.el5_8.1
  • glibc-common-0:2.5-81.el5_8.1
  • glibc-devel-0:2.5-81.el5_8.1
  • glibc-headers-0:2.5-81.el5_8.1
  • glibc-utils-0:2.5-81.el5_8.1
  • nscd-0:2.5-81.el5_8.1
refmap via4
bid 52201
confirm https://bugzilla.redhat.com/show_bug.cgi?id=794766
misc
mlist [libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets
vmware via4
  • description The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.
    id VMSA-2012-0013
    last_updated 2012-12-20T00:00:00
    published 2012-08-30T00:00:00
    title Update to ESX service console glibc RPM
  • description The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.
    id VMSA-2012-0018
    last_updated 2012-12-13T00:00:00
    published 2012-12-13T00:00:00
    title Update to ESX glibc package
Last major update 03-05-2013 - 00:00
Published 02-05-2013 - 10:55
Back to Top