- Home
- CVEs with nessus.description==USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,
the fix for CVE-2015-5180 introduced an internal ABI change within the
resolver library. This update reverts the change. We apologize for the
inconvenience.
Please note that long-running services that were restarted to
compensate for the USN-3239-1 update may need to be restarted again.
It was discovered that the GNU C Library incorrectly handled the
strxfrm() function. An attacker could use this issue to cause a denial
of service or possibly execute arbitrary code. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)
It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An
attacker could use this to cause a denial of service or
possibly execute arbitrary code. This issue only affected
Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)
It was discovered that the fnmatch() function in the GNU C
Library did not properly handle certain malformed patterns.
An attacker could use this to cause a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04
LTS. (CVE-2015-8984)
Alexander Cherepanov discovered a stack-based buffer
overflow in the glob implementation of the GNU C Library. An
attacker could use this to specially craft a directory
layout and cause a denial of service. (CVE-2016-1234)
Florian Weimer discovered a NULL pointer dereference in the
DNS resolver of the GNU C Library. An attacker could use
this to cause a denial of service. (CVE-2015-5180)
Michael Petlan discovered an unbounded stack allocation in
the getaddrinfo() function of the GNU C Library. An attacker
could use this to cause a denial of service. (CVE-2016-3706)
Aldy Hernandez discovered an unbounded stack allocation in
the sunrpc implementation in the GNU C Library. An attacker
could use this to cause a denial of service. (CVE-2016-4429)
Tim Ruehsen discovered that the getaddrinfo() implementation
in the GNU C Library did not properly track memory
allocations. An attacker could use this to cause a denial of
service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-5417)
Andreas Schwab discovered that the GNU C Library on ARM
32-bit platforms did not properly set up execution contexts.
An attacker could use this to cause a denial of service.
(CVE-2016-6323).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top