 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2022.0052 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2022-0052) |
| Zusammenfassung: | The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2022-0052 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2022-0052 advisory. Vulnerability Insight: Updated glibc packages fix security vulnerability: An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system (CVE-2021-3999). Other upstream fixes in this update: - gconv: Do not emit spurious NUL character in ISO-2022-JP-3 [BZ #28524] - x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ #28755] - x86: Set Prefer_No_VZEROUPPER and add Prefer_AVX2_STRCMP - x86-64: Add ifunc-avx2.h functions with 256-bit EVEX - x86-64: Add strcpy family functions with 256-bit EVEX - x86-64: Add memmove family functions with 256-bit EVEX - x86-64: Add memset family functions with 256-bit EVEX - x86-64: Add memcmp family functions with 256-bit EVEX - x86-64: Add AVX optimized string/memory functions for RTM - x86: Add string/memory function tests in RTM region - x86-64: Use ZMM16-ZMM31 in AVX512 memset family functions - x86-64: Use ZMM16-ZMM31 in AVX512 memmove family functions - test-strnlen.c: Initialize wchar_t string with wmemset [BZ #27655] - test-strnlen.c: Check that strnlen won't go beyond the maximum length - x86: Optimize memchr-avx2.S - x86: Fix overflow bug with wmemchr-sse2 and wmemchr-avx2 [BZ #27974] - x86: Optimize strlen-avx2.S - x86: Optimize memchr-evex.S - x86-64: Fix an unknown vector operation in memchr-evex.S - x86-64: Move strlen.S to multiarch/strlen-vec.S - x86-64: Add wcslen optimize for sse4.1 - x86: Fix overflow bug in wcsnlen-sse4_1 and wcsnlen-avx2 [BZ #27974] - x86: Optimize strlen-evex.S - String: Add overflow tests for strnlen, memchr, and strncat [BZ #27974] - x86-64: Require BMI2 for __strlen_evex and __strnlen_evex - x86: Check RTM_ALWAYS_ABORT for RTM [BZ #28033] - x86: Black list more Intel CPUs for TSX [BZ #27398] - x86: Remove wcsnlen-sse4_1 from wcslen ifunc-impl-list [BZ #28064] - x86-64: Test strlen and wcslen with 0 in the RSI register [BZ #28064] Affected Software/OS: 'glibc' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-3999 [debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://access.redhat.com/security/cve/CVE-2021-3999 https://bugzilla.redhat.com/show_bug.cgi?id=2024637 https://security-tracker.debian.org/tracker/CVE-2021-3999 https://security.netapp.com/advisory/ntap-20221104-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=28769 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e https://www.openwall.com/lists/oss-security/2022/01/24/4 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |