rhsa-2011_0412
Vulnerability from csaf_redhat
Published
2011-04-04 20:01
Modified
2024-11-22 04:55
Summary
Red Hat Security Advisory: glibc security update
Notes
Topic
Updated glibc packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.
The fix for CVE-2010-3847 introduced a regression in the way the dynamic
loader expanded the $ORIGIN dynamic string token specified in the RPATH and
RUNPATH entries in the ELF library header. A local attacker could use this
flaw to escalate their privileges via a setuid or setgid program using
such a library. (CVE-2011-0536)
It was discovered that the glibc addmntent() function did not sanitize its
input properly. A local attacker could possibly use this flaw to inject
malformed lines into /etc/mtab via certain setuid mount helpers, if the
attacker were allowed to mount to an arbitrary directory under their
control. (CVE-2010-0296)
It was discovered that the glibc fnmatch() function did not properly
restrict the use of alloca(). If the function was called on sufficiently
large inputs, it could cause an application using fnmatch() to crash or,
possibly, execute arbitrary code with the privileges of the application.
(CVE-2011-1071)
It was discovered that the locale command did not produce properly escaped
output as required by the POSIX specification. If an attacker were able to
set the locale environment variables in the environment of a script that
performed shell evaluation on the output of the locale command, and that
script were run with different privileges than the attacker's, it could
execute arbitrary code with the privileges of the script. (CVE-2011-1095)
All users should upgrade to these updated packages, which contain
backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated glibc packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The glibc packages contain the standard C libraries used by multiple\nprograms on the system. These packages contain the standard C and the\nstandard math libraries. Without these two libraries, a Linux system cannot\nfunction properly.\n\nThe fix for CVE-2010-3847 introduced a regression in the way the dynamic\nloader expanded the $ORIGIN dynamic string token specified in the RPATH and\nRUNPATH entries in the ELF library header. A local attacker could use this\nflaw to escalate their privileges via a setuid or setgid program using\nsuch a library. (CVE-2011-0536)\n\nIt was discovered that the glibc addmntent() function did not sanitize its\ninput properly. A local attacker could possibly use this flaw to inject\nmalformed lines into /etc/mtab via certain setuid mount helpers, if the\nattacker were allowed to mount to an arbitrary directory under their\ncontrol. (CVE-2010-0296)\n\nIt was discovered that the glibc fnmatch() function did not properly\nrestrict the use of alloca(). If the function was called on sufficiently\nlarge inputs, it could cause an application using fnmatch() to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n(CVE-2011-1071)\n\nIt was discovered that the locale command did not produce properly escaped\noutput as required by the POSIX specification. If an attacker were able to\nset the locale environment variables in the environment of a script that\nperformed shell evaluation on the output of the locale command, and that\nscript were run with different privileges than the attacker\u0027s, it could\nexecute arbitrary code with the privileges of the script. (CVE-2011-1095)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2011:0412",
"url": "https://access.redhat.com/errata/RHSA-2011:0412"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "559579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=559579"
},
{
"category": "external",
"summary": "625893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
},
{
"category": "external",
"summary": "667974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667974"
},
{
"category": "external",
"summary": "681054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
},
{
"category": "external",
"summary": "682991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=682991"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0412.json"
}
],
"title": "Red Hat Security Advisory: glibc security update",
"tracking": {
"current_release_date": "2024-11-22T04:55:26+00:00",
"generator": {
"date": "2024-11-22T04:55:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2011:0412",
"initial_release_date": "2011-04-04T20:01:00+00:00",
"revision_history": [
{
"date": "2011-04-04T20:01:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2011-04-04T16:06:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T04:55:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5.6.z server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-headers-0:2.5-58.el5_6.2.ia64",
"product": {
"name": "glibc-headers-0:2.5-58.el5_6.2.ia64",
"product_id": "glibc-headers-0:2.5-58.el5_6.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-headers@2.5-58.el5_6.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "nscd-0:2.5-58.el5_6.2.ia64",
"product": {
"name": "nscd-0:2.5-58.el5_6.2.ia64",
"product_id": "nscd-0:2.5-58.el5_6.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nscd@2.5-58.el5_6.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "glibc-utils-0:2.5-58.el5_6.2.ia64",
"product": {
"name": "glibc-utils-0:2.5-58.el5_6.2.ia64",
"product_id": "glibc-utils-0:2.5-58.el5_6.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-utils@2.5-58.el5_6.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "glibc-devel-0:2.5-58.el5_6.2.ia64",
"product": {
"name": "glibc-devel-0:2.5-58.el5_6.2.ia64",
"product_id": "glibc-devel-0:2.5-58.el5_6.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-devel@2.5-58.el5_6.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.ia64",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.ia64",
"product_id": "glibc-0:2.5-58.el5_6.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "glibc-common-0:2.5-58.el5_6.2.ia64",
"product": {
"name": "glibc-common-0:2.5-58.el5_6.2.ia64",
"product_id": "glibc-common-0:2.5-58.el5_6.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-common@2.5-58.el5_6.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"product": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"product_id": "glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo@2.5-58.el5_6.2?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.i686",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.i686",
"product_id": "glibc-0:2.5-58.el5_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"product": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"product_id": "glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo@2.5-58.el5_6.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-headers-0:2.5-58.el5_6.2.ppc",
"product": {
"name": "glibc-headers-0:2.5-58.el5_6.2.ppc",
"product_id": "glibc-headers-0:2.5-58.el5_6.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-headers@2.5-58.el5_6.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "nscd-0:2.5-58.el5_6.2.ppc",
"product": {
"name": "nscd-0:2.5-58.el5_6.2.ppc",
"product_id": "nscd-0:2.5-58.el5_6.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nscd@2.5-58.el5_6.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "glibc-utils-0:2.5-58.el5_6.2.ppc",
"product": {
"name": "glibc-utils-0:2.5-58.el5_6.2.ppc",
"product_id": "glibc-utils-0:2.5-58.el5_6.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-utils@2.5-58.el5_6.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "glibc-devel-0:2.5-58.el5_6.2.ppc",
"product": {
"name": "glibc-devel-0:2.5-58.el5_6.2.ppc",
"product_id": "glibc-devel-0:2.5-58.el5_6.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-devel@2.5-58.el5_6.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.ppc",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.ppc",
"product_id": "glibc-0:2.5-58.el5_6.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "glibc-common-0:2.5-58.el5_6.2.ppc",
"product": {
"name": "glibc-common-0:2.5-58.el5_6.2.ppc",
"product_id": "glibc-common-0:2.5-58.el5_6.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-common@2.5-58.el5_6.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"product": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"product_id": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo@2.5-58.el5_6.2?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-devel-0:2.5-58.el5_6.2.ppc64",
"product": {
"name": "glibc-devel-0:2.5-58.el5_6.2.ppc64",
"product_id": "glibc-devel-0:2.5-58.el5_6.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-devel@2.5-58.el5_6.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.ppc64",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.ppc64",
"product_id": "glibc-0:2.5-58.el5_6.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"product": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"product_id": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo@2.5-58.el5_6.2?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-headers-0:2.5-58.el5_6.2.s390x",
"product": {
"name": "glibc-headers-0:2.5-58.el5_6.2.s390x",
"product_id": "glibc-headers-0:2.5-58.el5_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-headers@2.5-58.el5_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nscd-0:2.5-58.el5_6.2.s390x",
"product": {
"name": "nscd-0:2.5-58.el5_6.2.s390x",
"product_id": "nscd-0:2.5-58.el5_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nscd@2.5-58.el5_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "glibc-utils-0:2.5-58.el5_6.2.s390x",
"product": {
"name": "glibc-utils-0:2.5-58.el5_6.2.s390x",
"product_id": "glibc-utils-0:2.5-58.el5_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-utils@2.5-58.el5_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "glibc-devel-0:2.5-58.el5_6.2.s390x",
"product": {
"name": "glibc-devel-0:2.5-58.el5_6.2.s390x",
"product_id": "glibc-devel-0:2.5-58.el5_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-devel@2.5-58.el5_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.s390x",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.s390x",
"product_id": "glibc-0:2.5-58.el5_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "glibc-common-0:2.5-58.el5_6.2.s390x",
"product": {
"name": "glibc-common-0:2.5-58.el5_6.2.s390x",
"product_id": "glibc-common-0:2.5-58.el5_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-common@2.5-58.el5_6.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"product": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"product_id": "glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo@2.5-58.el5_6.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-devel-0:2.5-58.el5_6.2.s390",
"product": {
"name": "glibc-devel-0:2.5-58.el5_6.2.s390",
"product_id": "glibc-devel-0:2.5-58.el5_6.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-devel@2.5-58.el5_6.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.s390",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.s390",
"product_id": "glibc-0:2.5-58.el5_6.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"product": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"product_id": "glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo@2.5-58.el5_6.2?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-headers-0:2.5-58.el5_6.2.x86_64",
"product": {
"name": "glibc-headers-0:2.5-58.el5_6.2.x86_64",
"product_id": "glibc-headers-0:2.5-58.el5_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-headers@2.5-58.el5_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nscd-0:2.5-58.el5_6.2.x86_64",
"product": {
"name": "nscd-0:2.5-58.el5_6.2.x86_64",
"product_id": "nscd-0:2.5-58.el5_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nscd@2.5-58.el5_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glibc-utils-0:2.5-58.el5_6.2.x86_64",
"product": {
"name": "glibc-utils-0:2.5-58.el5_6.2.x86_64",
"product_id": "glibc-utils-0:2.5-58.el5_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-utils@2.5-58.el5_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glibc-devel-0:2.5-58.el5_6.2.x86_64",
"product": {
"name": "glibc-devel-0:2.5-58.el5_6.2.x86_64",
"product_id": "glibc-devel-0:2.5-58.el5_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-devel@2.5-58.el5_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.x86_64",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.x86_64",
"product_id": "glibc-0:2.5-58.el5_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glibc-common-0:2.5-58.el5_6.2.x86_64",
"product": {
"name": "glibc-common-0:2.5-58.el5_6.2.x86_64",
"product_id": "glibc-common-0:2.5-58.el5_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-common@2.5-58.el5_6.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"product": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"product_id": "glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo@2.5-58.el5_6.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-devel-0:2.5-58.el5_6.2.i386",
"product": {
"name": "glibc-devel-0:2.5-58.el5_6.2.i386",
"product_id": "glibc-devel-0:2.5-58.el5_6.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-devel@2.5-58.el5_6.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"product": {
"name": "glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"product_id": "glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo-common@2.5-58.el5_6.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"product": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"product_id": "glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-debuginfo@2.5-58.el5_6.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "glibc-headers-0:2.5-58.el5_6.2.i386",
"product": {
"name": "glibc-headers-0:2.5-58.el5_6.2.i386",
"product_id": "glibc-headers-0:2.5-58.el5_6.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-headers@2.5-58.el5_6.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "nscd-0:2.5-58.el5_6.2.i386",
"product": {
"name": "nscd-0:2.5-58.el5_6.2.i386",
"product_id": "nscd-0:2.5-58.el5_6.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nscd@2.5-58.el5_6.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "glibc-utils-0:2.5-58.el5_6.2.i386",
"product": {
"name": "glibc-utils-0:2.5-58.el5_6.2.i386",
"product_id": "glibc-utils-0:2.5-58.el5_6.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-utils@2.5-58.el5_6.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.i386",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.i386",
"product_id": "glibc-0:2.5-58.el5_6.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "glibc-common-0:2.5-58.el5_6.2.i386",
"product": {
"name": "glibc-common-0:2.5-58.el5_6.2.i386",
"product_id": "glibc-common-0:2.5-58.el5_6.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc-common@2.5-58.el5_6.2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "glibc-0:2.5-58.el5_6.2.src",
"product": {
"name": "glibc-0:2.5-58.el5_6.2.src",
"product_id": "glibc-0:2.5-58.el5_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glibc@2.5-58.el5_6.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.i686 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.i686",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.ppc64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.s390 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.s390",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.src as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.src",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-0:2.5-58.el5_6.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64"
},
"product_reference": "glibc-0:2.5-58.el5_6.2.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-common-0:2.5-58.el5_6.2.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386"
},
"product_reference": "glibc-common-0:2.5-58.el5_6.2.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-common-0:2.5-58.el5_6.2.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64"
},
"product_reference": "glibc-common-0:2.5-58.el5_6.2.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-common-0:2.5-58.el5_6.2.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc"
},
"product_reference": "glibc-common-0:2.5-58.el5_6.2.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-common-0:2.5-58.el5_6.2.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x"
},
"product_reference": "glibc-common-0:2.5-58.el5_6.2.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-common-0:2.5-58.el5_6.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64"
},
"product_reference": "glibc-common-0:2.5-58.el5_6.2.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386"
},
"product_reference": "glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.i686 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686"
},
"product_reference": "glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64"
},
"product_reference": "glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc"
},
"product_reference": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64"
},
"product_reference": "glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.s390 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390"
},
"product_reference": "glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x"
},
"product_reference": "glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-0:2.5-58.el5_6.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64"
},
"product_reference": "glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-debuginfo-common-0:2.5-58.el5_6.2.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386"
},
"product_reference": "glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-devel-0:2.5-58.el5_6.2.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386"
},
"product_reference": "glibc-devel-0:2.5-58.el5_6.2.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-devel-0:2.5-58.el5_6.2.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64"
},
"product_reference": "glibc-devel-0:2.5-58.el5_6.2.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-devel-0:2.5-58.el5_6.2.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc"
},
"product_reference": "glibc-devel-0:2.5-58.el5_6.2.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-devel-0:2.5-58.el5_6.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64"
},
"product_reference": "glibc-devel-0:2.5-58.el5_6.2.ppc64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-devel-0:2.5-58.el5_6.2.s390 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390"
},
"product_reference": "glibc-devel-0:2.5-58.el5_6.2.s390",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-devel-0:2.5-58.el5_6.2.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x"
},
"product_reference": "glibc-devel-0:2.5-58.el5_6.2.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-devel-0:2.5-58.el5_6.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64"
},
"product_reference": "glibc-devel-0:2.5-58.el5_6.2.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-headers-0:2.5-58.el5_6.2.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386"
},
"product_reference": "glibc-headers-0:2.5-58.el5_6.2.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-headers-0:2.5-58.el5_6.2.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64"
},
"product_reference": "glibc-headers-0:2.5-58.el5_6.2.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-headers-0:2.5-58.el5_6.2.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc"
},
"product_reference": "glibc-headers-0:2.5-58.el5_6.2.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-headers-0:2.5-58.el5_6.2.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x"
},
"product_reference": "glibc-headers-0:2.5-58.el5_6.2.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-headers-0:2.5-58.el5_6.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64"
},
"product_reference": "glibc-headers-0:2.5-58.el5_6.2.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-utils-0:2.5-58.el5_6.2.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386"
},
"product_reference": "glibc-utils-0:2.5-58.el5_6.2.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-utils-0:2.5-58.el5_6.2.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64"
},
"product_reference": "glibc-utils-0:2.5-58.el5_6.2.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-utils-0:2.5-58.el5_6.2.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc"
},
"product_reference": "glibc-utils-0:2.5-58.el5_6.2.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-utils-0:2.5-58.el5_6.2.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x"
},
"product_reference": "glibc-utils-0:2.5-58.el5_6.2.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glibc-utils-0:2.5-58.el5_6.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64"
},
"product_reference": "glibc-utils-0:2.5-58.el5_6.2.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nscd-0:2.5-58.el5_6.2.i386 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386"
},
"product_reference": "nscd-0:2.5-58.el5_6.2.i386",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nscd-0:2.5-58.el5_6.2.ia64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64"
},
"product_reference": "nscd-0:2.5-58.el5_6.2.ia64",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nscd-0:2.5-58.el5_6.2.ppc as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc"
},
"product_reference": "nscd-0:2.5-58.el5_6.2.ppc",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nscd-0:2.5-58.el5_6.2.s390x as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x"
},
"product_reference": "nscd-0:2.5-58.el5_6.2.s390x",
"relates_to_product_reference": "5Server-5.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nscd-0:2.5-58.el5_6.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5.6.z server)",
"product_id": "5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
},
"product_reference": "nscd-0:2.5-58.el5_6.2.x86_64",
"relates_to_product_reference": "5Server-5.6.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-0296",
"discovery_date": "2009-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "559579"
}
],
"notes": [
{
"category": "description",
"text": "The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: Improper encoding of names with certain special character in utilities for writing to mtab table",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0296"
},
{
"category": "external",
"summary": "RHBZ#559579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=559579"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0296"
}
],
"release_date": "2010-05-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-04T20:01:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0412"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: Improper encoding of names with certain special character in utilities for writing to mtab table"
},
{
"cve": "CVE-2011-0536",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2010-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "667974"
}
],
"notes": [
{
"category": "description",
"text": "Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-0536"
},
{
"category": "external",
"summary": "RHBZ#667974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667974"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0536"
}
],
"release_date": "2011-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-04T20:01:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0412"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glibc: fix causes linker to search CWD when running privileged program with $ORIGIN in R*PATH"
},
{
"cve": "CVE-2011-1071",
"discovery_date": "2011-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "681054"
}
],
"notes": [
{
"category": "description",
"text": "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a \"stack extension attack,\" a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: fnmatch() alloca()-based memory corruption flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1071"
},
{
"category": "external",
"summary": "RHBZ#681054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1071"
}
],
"release_date": "2010-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-04T20:01:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0412"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: fnmatch() alloca()-based memory corruption flaw"
},
{
"cve": "CVE-2011-1095",
"discovery_date": "2010-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "625893"
}
],
"notes": [
{
"category": "description",
"text": "locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: insufficient quoting in the locale command output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1095"
},
{
"category": "external",
"summary": "RHBZ#625893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=625893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1095"
}
],
"release_date": "2010-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-04T20:01:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0412"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: insufficient quoting in the locale command output"
},
{
"cve": "CVE-2011-1658",
"discovery_date": "2011-01-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "694873"
}
],
"notes": [
{
"category": "description",
"text": "ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: ld.so insecure handling of privileged programs\u0027 RPATHs with $ORIGIN",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1658"
},
{
"category": "external",
"summary": "RHBZ#694873",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694873"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1658",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1658"
}
],
"release_date": "2011-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-04T20:01:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0412"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: ld.so insecure handling of privileged programs\u0027 RPATHs with $ORIGIN"
},
{
"cve": "CVE-2011-1659",
"discovery_date": "2011-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "681054"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: fnmatch() alloca()-based memory corruption flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2011-1659"
},
{
"category": "external",
"summary": "RHBZ#681054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2011-1659",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-1659",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1659"
}
],
"release_date": "2010-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2011-04-04T20:01:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
"product_ids": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2011:0412"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.src",
"5Server-5.6.Z:glibc-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-common-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.i686",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-debuginfo-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-debuginfo-common-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.ppc64",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-devel-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-headers-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:glibc-utils-0:2.5-58.el5_6.2.x86_64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.i386",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ia64",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.ppc",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.s390x",
"5Server-5.6.Z:nscd-0:2.5-58.el5_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: fnmatch() alloca()-based memory corruption flaw"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.