
Test ID: 1.3.6.1.4.1.25623.1.1.10.2015.0013
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2015-0013)
Summary: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2015-0013 advisory.
Description:
Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2015-0013 advisory.

Vulnerability Insight:
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc)
2.5, 2.12, and probably other versions does not 'properly restrict the use of'
the alloca function when allocating the SPECS array, which allows context-
dependent attackers to bypass the FORTIFY_SOURCE format-string protection
mechanism and cause a denial of service (crash) or possibly execute arbitrary
code via a crafted format string using positional parameters and a large
number of format specifiers (CVE-2012-3406).

The nss_dns implementation of getnetbyname could run into an infinite loop
if the DNS response contained a PTR record of an unexpected format
(CVE-2014-9402).

Also, glibc lock elision (a new feature in glibc 2.18) has been disabled,
as it can break glibc at runtime on newer Intel hardware (due to a hardware
bug).

Affected Software/OS:
'glibc' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-3406
GLSA-201503-04
https://security.gentoo.org/glsa/201503-04
RHSA-2012:1097
http://rhn.redhat.com/errata/RHSA-2012-1097.html
RHSA-2012:1098
http://rhn.redhat.com/errata/RHSA-2012-1098.html
RHSA-2012:1185
http://rhn.redhat.com/errata/RHSA-2012-1185.html
RHSA-2012:1200
http://rhn.redhat.com/errata/RHSA-2012-1200.html
USN-1589-1
http://www.ubuntu.com/usn/USN-1589-1
[oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities
http://www.openwall.com/lists/oss-security/2012/07/11/17
https://bugzilla.redhat.com/attachment.cgi?id=594722
https://bugzilla.redhat.com/show_bug.cgi?id=826943
Common Vulnerability Exposure (CVE) ID: CVE-2014-9402
20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
http://seclists.org/fulldisclosure/2019/Jun/18
20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
https://seclists.org/bugtraq/2019/Jun/14
20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
http://seclists.org/fulldisclosure/2019/Sep/7
https://seclists.org/bugtraq/2019/Sep/7
71670
http://www.securityfocus.com/bid/71670
GLSA-201602-02
https://security.gentoo.org/glsa/201602-02
RHSA-2018:0805
https://access.redhat.com/errata/RHSA-2018:0805
USN-2519-1
http://www.ubuntu.com/usn/USN-2519-1
[oss-security] 20141217 Re: CVE request: glibc
http://www.openwall.com/lists/oss-security/2014/12/18/1
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://sourceware.org/bugzilla/show_bug.cgi?id=17630
openSUSE-SU-2015:0351
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Copyright: Copyright (C) 2022 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.