ID CVE-2014-5119
Summary Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Vulnerable Configurations
  • GNU glibc
    cpe:2.3:a:gnu:glibc
CVSS
Base: 7.5 (as of 02-09-2014 - 13:20)
CWE CWE-189
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description glibc Off-by-One NUL Byte gconv_translit_find Exploit. CVE-2014-5119. Local exploit for linux platform
id EDB-ID:34421
last seen 2016-02-03
modified 2014-08-27
published 2014-08-27
reporter taviso and scarybeasts
source https://www.exploit-db.com/download/34421/
title glibc - Off-by-One NUL Byte gconv_translit_find Exploit
nessus via4
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-399.NASL
    description An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78342
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78342
    title Amazon Linux AMI : glibc (ALAS-2014-399)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1118.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 79044
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79044
    title RHEL 5 / 6 : glibc (RHSA-2014:1118)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-140829.NASL
    description This glibc update fixes a critical privilege escalation problem and two non-security issues : - An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119). (bnc#892073) - setenv-alloca.patch: Avoid unbound alloca in setenv. (bnc#892065) - printf-multibyte-format.patch: Don't parse %s format argument as multi-byte string. (bnc#888347)
    last seen 2019-02-21
    modified 2015-01-28
    plugin id 77673
    published 2014-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77673
    title SuSE 11.3 Security Update : glibc (SAT Patch Number 9669)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0023.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Sync's seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. 
(#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale #(657266). 
- Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000) - Correct test for detecting cycle during topo sort (#729661) - Check values from TZ file header (#767688) - Complete the numeric settings fix (#675259) - Complete the change for error codes from pthread_create (#707998) - Truncate time values in Linux futimes when falling back to utime (#758252) - Update systemtaparches - Add rules to build libresolv with SSP flags (#756453) - Fix PLT reference - Workaround misconfigured system (#702300) - Update systemtaparches - Correct cycle detection during dependency sorting (#729661) - Add gdb hooks (#711924) - Fix alloca accounting in strxfm and strcoll (#585433) - Correct cycle detection during dependency sorting (#729661) - ldd: never run file directly (#531160) - Implement greedy matching of weekday and month names (#657570) - Fix incorrect numeric settings (#675259) - Implement new mode for NIS passwd.adjunct.byname table (#678318) - Query NIS domain only when needed (#703345) - Count total processors using sysfs (#706894) - Translate clone error if necessary (#707998) - Workaround kernel clobbering robust list (#711531) - Use correct type when casting d_tag (#599056, CVE-2010-0830) - Report write error in addmnt even for cached streams (#688980, 
CVE-2011-1089) - Don't underestimate length of DST substitution (#694655) - Don't allocate executable stack when it cannot be allocated in the first 4G (#448011) - Initialize resolver state in nscd (#676039) - No cancel signal in unsafe places (#684808) - Check size of pattern in wide character representation in fnmatch (#681054) - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071) - Properly quote output of locale (#625893, CVE-2011-1095) - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of $ORIGIN when privileged (#667974, CVE-2011-0536) - Fix handling of newline in addmntent (#559579, CVE-2010-0296) - Don't ignore $ORIGIN in libraries (#670988) - Fix false assertion (#604796) - Fix ordering of DSO constructors and destructors (#604796) - Fix typo (#531576) - Fix concurrency problem between dl_open and dl_iterate_phdr (#649956) - Require suid bit on audit objects in privileged programs (#645678, CVE-2010-3856) - Never expand $ORIGIN in privileged programs (#643819, CVE-2010-3847) - Add timestamps to nscd logs (#527558) - Fix index wraparound handling in memusage (#531576) - Handle running out of buffer space with IPv6 mapping enabled (#533367) - Don't deadlock in __dl_iterate_phdr while (un)loading objects (#549813) - Avoid alloca in setenv for long strings (#559974) - Recognize POWER7 and ISA 2.06 (#563563) - Add support for AT_BASE_PLATFORM (#563599) - Restore locking in free_check (#585674) - Fix lookup of collation sequence value during regexp matching (#587360) - Fix POWER6 memcpy/memset (#579011) - Fix scope handling during dl_close (#593675) - Enable -fasynchronous-unwind-tables throughout (#593047) - Fix crash when aio thread creation fails (#566712)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 81118
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81118
    title OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3012.NASL
    description Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77418
    published 2014-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77418
    title Debian DSA-3012-1 : eglibc - security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0024.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Sync's seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. 
(#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale #(657266). 
- Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 81119
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81119
    title OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1119-1.NASL
    description This glibc update fixes a critical privilege escalation problem and the following security and non security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#772242: Replace scope handing with master state - bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412) - bnc#818630: Fall back to localhost if no nameserver defined - bnc#828235: Fix missing character in IBM-943 charset - bnc#828637: Fix use of alloca in gaih_inet - bnc#834594: Fix readdir_r with long file names (CVE-2013-4237) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83634
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83634
    title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-536.NASL
    description glibc was updated to fix three security issues : - A directory traversal in locale environment handling was fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137) - Disable gconv transliteration module loading which could be used for code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187) - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, bnc#894553, BZ #17325)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 77659
    published 2014-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77659
    title openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-43.NASL
    description CVE-2014-0475 Stephane Chazelas discovered that the GNU C library, glibc, processed '..' path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings. CVE-2014-5119 Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82190
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82190
    title Debian DLA-43-1 : eglibc security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201602-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201602-02 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library: The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. Impact : A remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. Workaround : A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below.
    last seen 2019-02-21
    modified 2017-01-27
    plugin id 88822
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88822
    title GLSA-201602-02 : GNU C Library: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-175.NASL
    description Multiple vulnerabilities have been found and corrected in glibc : When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults (CVE-2012-6656). Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules (CVE-2014-5119). Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 77654
    published 2014-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77654
    title Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1128-1.NASL
    description This glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#860501: Use O_LARGEFILE for utmp file. - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#824639: Drop lock before calling malloc_printerr. - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83638
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83638
    title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1122-1.NASL
    description This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#886416: Avoid redundant shift character in iconv output at block boundary. - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c. - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed. - bnc#843735: Don't crash on unresolved weak symbol reference. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#836746: Avoid race between {,__de}allocate_stack and __reclaim_stacks during fork. - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#830268: Initialize pointer guard also in static executables. (CVE-2013-4788) - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83637
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83637
    title SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-296-01.NASL
    description New glibc packages are available for Slackware 14.1 and -current to fix security issues.
    last seen 2019-02-21
    modified 2015-01-28
    plugin id 78656
    published 2014-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78656
    title Slackware 14.1 / current : glibc (SSA:2014-296-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1110.NASL
    description Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77464
    published 2014-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77464
    title RHEL 5 / 6 / 7 : glibc (RHSA-2014:1110)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2328-1.NASL
    description Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. We apologize for the inconvenience. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77436
    published 2014-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77436
    title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerability (USN-2328-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9824.NASL
    description - Locale names, including those obtained from environment variables (LANG and the LC_* variables), are more tightly checked for proper syntax. setlocale will now fail (with EINVAL) for locale names that are overly long, contain slashes without starting with a slash, or contain '..' path components. (CVE-2014-0475) Previously, some valid locale names were silently replaced with the 'C' locale when running in AT_SECURE mode (e.g., in a SUID program). This is no longer necessary because of the additional checks. - Support for loadable gconv transliteration modules has been removed because it did not work at all. Regular gconv conversion modules are still supported. (CVE-2014-5119) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77430
    published 2014-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77430
    title Fedora 20 : glibc-2.18-14.fc20 (2014-9824)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1110.NASL
    description From Red Hat Security Advisory 2014:1110 : Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 77463
    published 2014-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77463
    title Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140829_GLIBC_ON_SL5_X.NASL
    description An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 77465
    published 2014-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77465
    title Scientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-168.NASL
    description Updated glibc packages fix security vulnerabilities : Stephane Chazelas discovered a directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there (CVE-2014-0475). David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities (CVE-2014-4043). This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073) Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose (CVE-2014-5119). Adhemerval Zanella Netto discovered out-of-bounds reads in additional code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) that can be used to crash the systems, causing a denial of service condition (CVE-2014-6040). The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of '$((... ))' where '...' can be anything valid. The backticks in the arithmetic expression are evaluated in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817). The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers (CVE-2012-3406). The nss_dns implementation of getnetbyname could run into an infinite loop if the DNS response contained a PTR record of an unexpected format (CVE-2014-9402). Also glibc lock elision (new feature in glibc 2.18) has been disabled as it can break glibc at runtime on newer Intel hardware (due to hardware bug). Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472). The incorrect use of '__libc_use_alloca (newsize)' caused a different (and weaker) policy to be enforced which could allow a denial of service attack (CVE-2015-1473).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82421
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82421
    title Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1129-1.NASL
    description This glibc update fixes a critical privilege escalation problem and two additional issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork. - bnc#844309: Fixed various overflows, reading large /etc/hosts or long names. (CVE-2013-4357) - bnc#894553, bnc#894556: Fixed various crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83639
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83639
    title SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0033.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). - Add mmap usage to malloc_info output (#1027261). - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). - Also relocate in dependency order when doing symbol dependency testing (#1019916). - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). - nscd: Make SELinux checks dynamic (#1025933). - Fix race in free of fastbin chunk (#1027101). - Fix copy relocations handling of unique objects (#1032628). - Fix encoding name for IDN in getaddrinfo (#981942). - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen'ed objects (#995972). - Don't use alloca in addgetnetgrentX (#1043557). - Adjust pointers to triplets in netgroup query data (#1043557).
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79548
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79548
    title OracleVM 3.3 : glibc (OVMSA-2014-0033)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0017.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Don't use alloca in addgetnetgrentX (#1087789). - Adjust pointers to triplets in netgroup query data (#1087789). - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1098050). - Fix race in free of fastbin chunk (#1091162). - Revert the addition of gettimeofday vDSO function for ppc and ppc64 until OPD VDSO function call issues are resolved (#1026533). - Call gethostbyname4_r only for PF_UNSPEC (#1022022). - Fix integer overflows in *valloc and memalign. (#1008310). - Initialize res_hconf in nscd (#970090). - Update previous patch for dcigettext.c and loadmsgcat.c (#834386). - Save search paths before performing relro protection (#988931). - Correctly name the 240-bit slow path systemtap probe slowpow_p10 for slowpow (#905575). - Align value of stacksize in nptl-init (#663641). - Renamed release engineering directory from 'fedora' to 'releng' (#903754). - Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc (#929302). - Fall back to local DNS if resolv.conf does not define nameservers (#928318). - Add systemtap probes to slowexp and slowpow (#905575). - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951213). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951213). - Add netgroup cache support for nscd (#629823). - Fix multiple nss_compat initgroups bugs (#966778). - Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384). - Add MAP_HUGETLB and MAP_STACK support (#916986). - Update translation for stale file handle error (#970776). - Improve performance of _SC_NPROCESSORS_ONLN (#rh952422). - Fix up _init in pt-initfini to accept arguments (#663641). - Set reasonable limits on xdr requests to prevent memory leaks (#848748). - Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars (#552960). - New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size (#663641). - Improved handling of recursive calls in backtrace (#868808). - The ttyname and ttyname_r functions on Linux now fall back to searching for the tty file descriptor in /dev/pts or /dev if /proc is not available. This allows creation of chroots without the procfs mounted on /proc. (#851470) - Don't free rpath strings allocated during startup until after ld.so is re-relocated. (#862094) - Consistently MANGLE/DEMANGLE function pointers. Fix use after free in dcigettext.c (#834386). - Change rounding mode only when necessary (#966775). - Backport of code to allow incremental loading of library list (#886968). - Fix loading of audit libraries when TLS is in use (#919562) - Fix application of SIMD FP exception mask (#929388).
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79539
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79539
    title OracleVM 3.3 : glibc (OVMSA-2014-0017)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9830.NASL
    description An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119). A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 78583
    published 2014-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78583
    title Fedora 19 : glibc-2.17-21.fc19 (2014-9830)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1110.NASL
    description Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77439
    published 2014-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77439
    title CentOS 5 / 6 / 7 : glibc (CESA-2014:1110)
redhat via4
advisories
  • bugzilla
    id 1119128
    title CVE-2014-5119 glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment glibc is earlier than 0:2.5-118.el5_10.3
            oval oval:com.redhat.rhsa:tst:20141110002
          • comment glibc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100787003
        • AND
          • comment glibc-common is earlier than 0:2.5-118.el5_10.3
            oval oval:com.redhat.rhsa:tst:20141110008
          • comment glibc-common is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100787009
        • AND
          • comment glibc-devel is earlier than 0:2.5-118.el5_10.3
            oval oval:com.redhat.rhsa:tst:20141110004
          • comment glibc-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100787007
        • AND
          • comment glibc-headers is earlier than 0:2.5-118.el5_10.3
            oval oval:com.redhat.rhsa:tst:20141110010
          • comment glibc-headers is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100787013
        • AND
          • comment glibc-utils is earlier than 0:2.5-118.el5_10.3
            oval oval:com.redhat.rhsa:tst:20141110012
          • comment glibc-utils is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100787005
        • AND
          • comment nscd is earlier than 0:2.5-118.el5_10.3
            oval oval:com.redhat.rhsa:tst:20141110006
          • comment nscd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100787011
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment glibc is earlier than 0:2.12-1.132.el6_5.4
            oval oval:com.redhat.rhsa:tst:20141110018
          • comment glibc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872006
        • AND
          • comment glibc-common is earlier than 0:2.12-1.132.el6_5.4
            oval oval:com.redhat.rhsa:tst:20141110024
          • comment glibc-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872012
        • AND
          • comment glibc-devel is earlier than 0:2.12-1.132.el6_5.4
            oval oval:com.redhat.rhsa:tst:20141110022
          • comment glibc-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872018
        • AND
          • comment glibc-headers is earlier than 0:2.12-1.132.el6_5.4
            oval oval:com.redhat.rhsa:tst:20141110020
          • comment glibc-headers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872010
        • AND
          • comment glibc-static is earlier than 0:2.12-1.132.el6_5.4
            oval oval:com.redhat.rhsa:tst:20141110026
          • comment glibc-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872008
        • AND
          • comment glibc-utils is earlier than 0:2.12-1.132.el6_5.4
            oval oval:com.redhat.rhsa:tst:20141110028
          • comment glibc-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872014
        • AND
          • comment nscd is earlier than 0:2.12-1.132.el6_5.4
            oval oval:com.redhat.rhsa:tst:20141110030
          • comment nscd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872016
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment glibc is earlier than 0:2.17-55.el7_0.1
            oval oval:com.redhat.rhsa:tst:20141110036
          • comment glibc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872006
        • AND
          • comment glibc-common is earlier than 0:2.17-55.el7_0.1
            oval oval:com.redhat.rhsa:tst:20141110042
          • comment glibc-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872012
        • AND
          • comment glibc-devel is earlier than 0:2.17-55.el7_0.1
            oval oval:com.redhat.rhsa:tst:20141110040
          • comment glibc-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872018
        • AND
          • comment glibc-headers is earlier than 0:2.17-55.el7_0.1
            oval oval:com.redhat.rhsa:tst:20141110038
          • comment glibc-headers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872010
        • AND
          • comment glibc-static is earlier than 0:2.17-55.el7_0.1
            oval oval:com.redhat.rhsa:tst:20141110041
          • comment glibc-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872008
        • AND
          • comment glibc-utils is earlier than 0:2.17-55.el7_0.1
            oval oval:com.redhat.rhsa:tst:20141110037
          • comment glibc-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872014
        • AND
          • comment nscd is earlier than 0:2.17-55.el7_0.1
            oval oval:com.redhat.rhsa:tst:20141110039
          • comment nscd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872016
    rhsa
    id RHSA-2014:1110
    released 2014-08-29
    severity Important
    title RHSA-2014:1110: glibc security update (Important)
  • rhsa
    id RHSA-2014:1118
rpms
  • glibc-0:2.5-118.el5_10.3
  • glibc-common-0:2.5-118.el5_10.3
  • glibc-devel-0:2.5-118.el5_10.3
  • glibc-headers-0:2.5-118.el5_10.3
  • glibc-utils-0:2.5-118.el5_10.3
  • nscd-0:2.5-118.el5_10.3
  • glibc-0:2.12-1.132.el6_5.4
  • glibc-common-0:2.12-1.132.el6_5.4
  • glibc-devel-0:2.12-1.132.el6_5.4
  • glibc-headers-0:2.12-1.132.el6_5.4
  • glibc-static-0:2.12-1.132.el6_5.4
  • glibc-utils-0:2.12-1.132.el6_5.4
  • nscd-0:2.12-1.132.el6_5.4
  • glibc-0:2.17-55.el7_0.1
  • glibc-common-0:2.17-55.el7_0.1
  • glibc-devel-0:2.17-55.el7_0.1
  • glibc-headers-0:2.17-55.el7_0.1
  • glibc-static-0:2.17-55.el7_0.1
  • glibc-utils-0:2.17-55.el7_0.1
  • nscd-0:2.17-55.el7_0.1
refmap via4
bid
  • 68983
  • 69738
cisco 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability
confirm
debian DSA-3012
fulldisc 20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit
gentoo GLSA-201602-02
mandriva MDVSA-2014:175
misc
mlist
  • [oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)
  • [oss-security] 20170713 glibc locale issues
secunia
  • 60345
  • 60358
  • 60441
  • 61074
  • 61093
suse SUSE-SU-2014:1125
Last major update 06-01-2017 - 22:00
Published 29-08-2014 - 12:55