Vulnerability from csaf_suse
Published
2016-02-16 15:37
Modified
2016-02-16 15:37
Summary
Security update for glibc
Notes
Title of the patch
Security update for glibc
Description of the patch
This update for glibc fixes the following issues:
- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)
- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)
- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)
- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)
- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)
- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)
- CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal (bsc#830257)
- CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 (bsc#847227)
- CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187)
- bsc#920338: Read past end of pattern in fnmatch
- CVE-2015-1781: buffer overflow in nss_dns (bsc#927080)
The following non-security bugs were fixed:
- bnc#892065: SIGSEV tst-setlocale3 in glibc-2.11.3-17.68.1
- bnc#863499: Memory leak in getaddrinfo when many RRs are returned
- bsc#892065: Avoid unbound alloca in setenv
- bsc#945779: Properly reread entry after failure in nss_files getent function
Patchnames
slessp2-glibc-12405
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for glibc", title: "Title of the patch", }, { category: "description", text: "\nThis update for glibc fixes the following issues:\n\n- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)\n- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)\n- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)\n- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)\n- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)\n- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)\n- CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal (bsc#830257)\n- CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 (bsc#847227)\n- CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187)\n- bsc#920338: Read past end of pattern in fnmatch\n- CVE-2015-1781: buffer overflow in nss_dns (bsc#927080)\n\nThe following non-security bugs were fixed:\n\n- bnc#892065: SIGSEV tst-setlocale3 in glibc-2.11.3-17.68.1\n- bnc#863499: Memory leak in getaddrinfo when many RRs are returned \n- bsc#892065: Avoid unbound alloca in setenv\n- bsc#945779: Properly reread entry after failure in nss_files getent function\n", title: "Description of the patch", }, { category: "details", text: "slessp2-glibc-12405", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0470-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:0470-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20160470-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:0470-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-February/001882.html", }, { category: "self", summary: "SUSE Bug 830257", url: "https://bugzilla.suse.com/830257", }, { category: "self", summary: "SUSE Bug 847227", url: "https://bugzilla.suse.com/847227", }, { category: "self", summary: "SUSE Bug 863499", url: "https://bugzilla.suse.com/863499", }, { category: "self", summary: "SUSE Bug 892065", url: "https://bugzilla.suse.com/892065", }, { category: "self", summary: "SUSE Bug 918187", url: "https://bugzilla.suse.com/918187", }, { category: "self", summary: "SUSE Bug 920338", url: "https://bugzilla.suse.com/920338", }, { category: "self", summary: "SUSE Bug 927080", url: "https://bugzilla.suse.com/927080", }, { category: "self", summary: "SUSE Bug 945779", url: "https://bugzilla.suse.com/945779", }, { category: "self", summary: "SUSE Bug 950944", url: "https://bugzilla.suse.com/950944", }, { category: "self", summary: "SUSE Bug 961721", url: "https://bugzilla.suse.com/961721", }, { category: "self", summary: "SUSE Bug 962736", url: "https://bugzilla.suse.com/962736", }, { category: "self", summary: "SUSE Bug 962737", url: "https://bugzilla.suse.com/962737", }, { category: "self", summary: "SUSE Bug 962738", url: "https://bugzilla.suse.com/962738", }, { category: "self", summary: "SUSE Bug 962739", url: "https://bugzilla.suse.com/962739", }, { category: "self", summary: "SUSE CVE CVE-2013-2207 page", url: "https://www.suse.com/security/cve/CVE-2013-2207/", }, { category: "self", summary: "SUSE CVE CVE-2013-4458 page", url: "https://www.suse.com/security/cve/CVE-2013-4458/", }, { category: "self", summary: "SUSE CVE CVE-2014-8121 page", url: "https://www.suse.com/security/cve/CVE-2014-8121/", }, { category: "self", summary: "SUSE CVE CVE-2014-9761 page", url: "https://www.suse.com/security/cve/CVE-2014-9761/", }, { category: "self", summary: "SUSE CVE CVE-2015-1781 page", url: "https://www.suse.com/security/cve/CVE-2015-1781/", }, { category: "self", summary: "SUSE CVE CVE-2015-7547 page", url: "https://www.suse.com/security/cve/CVE-2015-7547/", }, { category: "self", summary: "SUSE CVE CVE-2015-8776 page", url: "https://www.suse.com/security/cve/CVE-2015-8776/", }, { category: "self", summary: "SUSE CVE CVE-2015-8777 page", url: "https://www.suse.com/security/cve/CVE-2015-8777/", }, { category: "self", summary: "SUSE CVE CVE-2015-8778 page", url: "https://www.suse.com/security/cve/CVE-2015-8778/", }, { category: "self", summary: "SUSE CVE CVE-2015-8779 page", url: "https://www.suse.com/security/cve/CVE-2015-8779/", }, ], title: "Security update for glibc", tracking: { current_release_date: "2016-02-16T15:37:56Z", generator: { date: "2016-02-16T15:37:56Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:0470-1", initial_release_date: "2016-02-16T15:37:56Z", revision_history: [ { date: "2016-02-16T15:37:56Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "glibc-2.11.3-17.45.66.1.i586", product: { name: "glibc-2.11.3-17.45.66.1.i586", product_id: "glibc-2.11.3-17.45.66.1.i586", }, }, { category: "product_version", name: "glibc-devel-2.11.3-17.45.66.1.i586", product: { name: "glibc-devel-2.11.3-17.45.66.1.i586", product_id: "glibc-devel-2.11.3-17.45.66.1.i586", }, }, { category: "product_version", name: "glibc-html-2.11.3-17.45.66.1.i586", product: { name: "glibc-html-2.11.3-17.45.66.1.i586", product_id: "glibc-html-2.11.3-17.45.66.1.i586", }, }, { category: "product_version", name: "glibc-i18ndata-2.11.3-17.45.66.1.i586", product: { name: "glibc-i18ndata-2.11.3-17.45.66.1.i586", product_id: "glibc-i18ndata-2.11.3-17.45.66.1.i586", }, }, { category: "product_version", name: "glibc-info-2.11.3-17.45.66.1.i586", product: { name: "glibc-info-2.11.3-17.45.66.1.i586", product_id: "glibc-info-2.11.3-17.45.66.1.i586", }, }, { category: "product_version", name: "glibc-locale-2.11.3-17.45.66.1.i586", product: { name: "glibc-locale-2.11.3-17.45.66.1.i586", product_id: "glibc-locale-2.11.3-17.45.66.1.i586", }, }, { category: "product_version", name: "glibc-profile-2.11.3-17.45.66.1.i586", product: { name: "glibc-profile-2.11.3-17.45.66.1.i586", product_id: "glibc-profile-2.11.3-17.45.66.1.i586", }, }, { category: "product_version", name: "nscd-2.11.3-17.45.66.1.i586", product: { name: "nscd-2.11.3-17.45.66.1.i586", product_id: "nscd-2.11.3-17.45.66.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "glibc-2.11.3-17.45.66.1.i686", product: { name: "glibc-2.11.3-17.45.66.1.i686", product_id: "glibc-2.11.3-17.45.66.1.i686", }, }, { category: "product_version", name: "glibc-devel-2.11.3-17.45.66.1.i686", product: { name: "glibc-devel-2.11.3-17.45.66.1.i686", product_id: "glibc-devel-2.11.3-17.45.66.1.i686", }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "glibc-2.11.3-17.45.66.1.s390x", product: { name: "glibc-2.11.3-17.45.66.1.s390x", product_id: "glibc-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-32bit-2.11.3-17.45.66.1.s390x", product: { name: "glibc-32bit-2.11.3-17.45.66.1.s390x", product_id: "glibc-32bit-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-devel-2.11.3-17.45.66.1.s390x", product: { name: "glibc-devel-2.11.3-17.45.66.1.s390x", product_id: "glibc-devel-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-devel-32bit-2.11.3-17.45.66.1.s390x", product: { name: "glibc-devel-32bit-2.11.3-17.45.66.1.s390x", product_id: "glibc-devel-32bit-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-html-2.11.3-17.45.66.1.s390x", product: { name: "glibc-html-2.11.3-17.45.66.1.s390x", product_id: "glibc-html-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-i18ndata-2.11.3-17.45.66.1.s390x", product: { name: "glibc-i18ndata-2.11.3-17.45.66.1.s390x", product_id: "glibc-i18ndata-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-info-2.11.3-17.45.66.1.s390x", product: { name: "glibc-info-2.11.3-17.45.66.1.s390x", product_id: "glibc-info-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-locale-2.11.3-17.45.66.1.s390x", product: { name: "glibc-locale-2.11.3-17.45.66.1.s390x", product_id: "glibc-locale-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-locale-32bit-2.11.3-17.45.66.1.s390x", product: { name: "glibc-locale-32bit-2.11.3-17.45.66.1.s390x", product_id: "glibc-locale-32bit-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-profile-2.11.3-17.45.66.1.s390x", product: { name: "glibc-profile-2.11.3-17.45.66.1.s390x", product_id: "glibc-profile-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "glibc-profile-32bit-2.11.3-17.45.66.1.s390x", product: { name: "glibc-profile-32bit-2.11.3-17.45.66.1.s390x", product_id: "glibc-profile-32bit-2.11.3-17.45.66.1.s390x", }, }, { category: "product_version", name: "nscd-2.11.3-17.45.66.1.s390x", product: { name: "nscd-2.11.3-17.45.66.1.s390x", product_id: "nscd-2.11.3-17.45.66.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "glibc-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-2.11.3-17.45.66.1.x86_64", product_id: "glibc-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-32bit-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-32bit-2.11.3-17.45.66.1.x86_64", product_id: "glibc-32bit-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-devel-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-devel-2.11.3-17.45.66.1.x86_64", product_id: "glibc-devel-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", product_id: "glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-html-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-html-2.11.3-17.45.66.1.x86_64", product_id: "glibc-html-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-i18ndata-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-i18ndata-2.11.3-17.45.66.1.x86_64", product_id: "glibc-i18ndata-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-info-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-info-2.11.3-17.45.66.1.x86_64", product_id: "glibc-info-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-locale-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-locale-2.11.3-17.45.66.1.x86_64", product_id: "glibc-locale-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", product_id: "glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-profile-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-profile-2.11.3-17.45.66.1.x86_64", product_id: "glibc-profile-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", product: { name: "glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", product_id: "glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", }, }, { category: "product_version", name: "nscd-2.11.3-17.45.66.1.x86_64", product: { name: "nscd-2.11.3-17.45.66.1.x86_64", product_id: "nscd-2.11.3-17.45.66.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles_ltss:11:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "glibc-2.11.3-17.45.66.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", }, product_reference: "glibc-2.11.3-17.45.66.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-2.11.3-17.45.66.1.i686 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", }, product_reference: "glibc-2.11.3-17.45.66.1.i686", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-32bit-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-32bit-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-32bit-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-32bit-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-2.11.3-17.45.66.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", }, product_reference: "glibc-devel-2.11.3-17.45.66.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-2.11.3-17.45.66.1.i686 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", }, product_reference: "glibc-devel-2.11.3-17.45.66.1.i686", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-devel-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-devel-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-32bit-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-devel-32bit-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-32bit-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-html-2.11.3-17.45.66.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", }, product_reference: "glibc-html-2.11.3-17.45.66.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-html-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-html-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-html-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-html-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-i18ndata-2.11.3-17.45.66.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", }, product_reference: "glibc-i18ndata-2.11.3-17.45.66.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-i18ndata-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-i18ndata-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-i18ndata-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-i18ndata-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-info-2.11.3-17.45.66.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", }, product_reference: "glibc-info-2.11.3-17.45.66.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-info-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-info-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-info-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-info-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-2.11.3-17.45.66.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", }, product_reference: "glibc-locale-2.11.3-17.45.66.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-locale-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-locale-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-32bit-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-locale-32bit-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-32bit-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-2.11.3-17.45.66.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", }, product_reference: "glibc-profile-2.11.3-17.45.66.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-profile-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-profile-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-32bit-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", }, product_reference: "glibc-profile-32bit-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-32bit-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", }, product_reference: "glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "nscd-2.11.3-17.45.66.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", }, product_reference: "nscd-2.11.3-17.45.66.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "nscd-2.11.3-17.45.66.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", }, product_reference: "nscd-2.11.3-17.45.66.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "nscd-2.11.3-17.45.66.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", }, product_reference: "nscd-2.11.3-17.45.66.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2207", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2207", }, ], notes: [ { category: "general", text: "pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2207", url: "https://www.suse.com/security/cve/CVE-2013-2207", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2013-2207", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 830257 for CVE-2013-2207", url: "https://bugzilla.suse.com/830257", }, { category: "external", summary: "SUSE Bug 979109 for CVE-2013-2207", url: "https://bugzilla.suse.com/979109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "moderate", }, ], title: "CVE-2013-2207", }, { cve: "CVE-2013-4458", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-4458", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-4458", url: "https://www.suse.com/security/cve/CVE-2013-4458", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2013-4458", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 847227 for CVE-2013-4458", url: "https://bugzilla.suse.com/847227", }, { category: "external", summary: "SUSE Bug 883217 for CVE-2013-4458", url: "https://bugzilla.suse.com/883217", }, { category: "external", summary: "SUSE Bug 941444 for CVE-2013-4458", url: "https://bugzilla.suse.com/941444", }, { category: "external", summary: "SUSE Bug 955181 for CVE-2013-4458", url: "https://bugzilla.suse.com/955181", }, { category: "external", summary: "SUSE Bug 967023 for CVE-2013-4458", url: "https://bugzilla.suse.com/967023", }, { category: "external", summary: "SUSE Bug 980483 for CVE-2013-4458", url: "https://bugzilla.suse.com/980483", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "moderate", }, ], title: "CVE-2013-4458", }, { cve: "CVE-2014-8121", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-8121", }, ], notes: [ { category: "general", text: "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-8121", url: "https://www.suse.com/security/cve/CVE-2014-8121", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2014-8121", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 918187 for CVE-2014-8121", url: "https://bugzilla.suse.com/918187", }, { category: "external", summary: "SUSE Bug 945779 for CVE-2014-8121", url: "https://bugzilla.suse.com/945779", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "moderate", }, ], title: "CVE-2014-8121", }, { cve: "CVE-2014-9761", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9761", }, ], notes: [ { category: "general", text: "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9761", url: "https://www.suse.com/security/cve/CVE-2014-9761", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2014-9761", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962738 for CVE-2014-9761", url: "https://bugzilla.suse.com/962738", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2014-9761", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "critical", }, ], title: "CVE-2014-9761", }, { cve: "CVE-2015-1781", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1781", }, ], notes: [ { category: "general", text: "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1781", url: "https://www.suse.com/security/cve/CVE-2015-1781", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-1781", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 927080 for CVE-2015-1781", url: "https://bugzilla.suse.com/927080", }, { category: "external", summary: "SUSE Bug 979109 for CVE-2015-1781", url: "https://bugzilla.suse.com/979109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "moderate", }, ], title: "CVE-2015-1781", }, { cve: "CVE-2015-7547", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7547", }, ], notes: [ { category: "general", text: "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7547", url: "https://www.suse.com/security/cve/CVE-2015-7547", }, { category: "external", summary: "SUSE Bug 1077097 for CVE-2015-7547", url: "https://bugzilla.suse.com/1077097", }, { category: "external", summary: "SUSE Bug 847227 for CVE-2015-7547", url: "https://bugzilla.suse.com/847227", }, { category: "external", summary: "SUSE Bug 961721 for CVE-2015-7547", url: "https://bugzilla.suse.com/961721", }, { category: "external", summary: "SUSE Bug 967023 for CVE-2015-7547", url: "https://bugzilla.suse.com/967023", }, { category: "external", summary: "SUSE Bug 967061 for CVE-2015-7547", url: "https://bugzilla.suse.com/967061", }, { category: "external", summary: "SUSE Bug 967072 for CVE-2015-7547", url: "https://bugzilla.suse.com/967072", }, { category: "external", summary: "SUSE Bug 967496 for CVE-2015-7547", url: "https://bugzilla.suse.com/967496", }, { category: "external", summary: "SUSE Bug 969216 for CVE-2015-7547", url: "https://bugzilla.suse.com/969216", }, { category: "external", summary: "SUSE Bug 969241 for CVE-2015-7547", url: "https://bugzilla.suse.com/969241", }, { category: "external", summary: "SUSE Bug 969591 for CVE-2015-7547", url: "https://bugzilla.suse.com/969591", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-7547", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "important", }, ], title: "CVE-2015-7547", }, { cve: "CVE-2015-8776", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8776", }, ], notes: [ { category: "general", text: "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8776", url: "https://www.suse.com/security/cve/CVE-2015-8776", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8776", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962736 for CVE-2015-8776", url: "https://bugzilla.suse.com/962736", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8776", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "low", }, ], title: "CVE-2015-8776", }, { cve: "CVE-2015-8777", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8777", }, ], notes: [ { category: "general", text: "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8777", url: "https://www.suse.com/security/cve/CVE-2015-8777", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8777", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 950944 for CVE-2015-8777", url: "https://bugzilla.suse.com/950944", }, { category: "external", summary: "SUSE Bug 962735 for CVE-2015-8777", url: "https://bugzilla.suse.com/962735", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "low", }, ], title: "CVE-2015-8777", }, { cve: "CVE-2015-8778", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8778", }, ], notes: [ { category: "general", text: "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8778", url: "https://www.suse.com/security/cve/CVE-2015-8778", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8778", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962737 for CVE-2015-8778", url: "https://bugzilla.suse.com/962737", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8778", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "low", }, ], title: "CVE-2015-8778", }, { cve: "CVE-2015-8779", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8779", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8779", url: "https://www.suse.com/security/cve/CVE-2015-8779", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8779", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962739 for CVE-2015-8779", url: "https://bugzilla.suse.com/962739", }, { category: "external", summary: "SUSE Bug 965453 for CVE-2015-8779", url: "https://bugzilla.suse.com/965453", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8779", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.i686", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-devel-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-html-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-i18ndata-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-info-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-locale-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:glibc-profile-32bit-2.11.3-17.45.66.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:nscd-2.11.3-17.45.66.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-02-16T15:37:56Z", details: "important", }, ], title: "CVE-2015-8779", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.