ID de Prueba:	1.3.6.1.4.1.25623.1.0.131241
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0079)
Resumen:	The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2016-0079 advisory.
Descripción:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2016-0079 advisory. Vulnerability Insight: Updated glibc fixes the following security issues: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code (CVE-2014-9761). A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (CVE-2015-7547). Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (CVE-2015-8776). Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (CVE-2015-8777). Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (CVE-2015-8778). A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code (CVE-2015-8779). Affected Software/OS: 'glibc' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9761 BugTraq ID: 83306 http://www.securityfocus.com/bid/83306 Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) https://seclists.org/bugtraq/2019/Jun/14 Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search) https://seclists.org/bugtraq/2019/Sep/7 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 https://security.gentoo.org/glsa/201702-11 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html http://www.openwall.com/lists/oss-security/2016/01/19/11 http://www.openwall.com/lists/oss-security/2016/01/20/1 RedHat Security Advisories: RHSA-2017:0680 http://rhn.redhat.com/errata/RHSA-2017-0680.html RedHat Security Advisories: RHSA-2017:1916 https://access.redhat.com/errata/RHSA-2017:1916 SuSE Security Announcement: SUSE-SU-2016:0470 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html SuSE Security Announcement: SUSE-SU-2016:0471 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html SuSE Security Announcement: SUSE-SU-2016:0472 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html SuSE Security Announcement: SUSE-SU-2016:0473 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html SuSE Security Announcement: openSUSE-SU-2016:0510 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-7547 1035020 http://www.securitytracker.com/id/1035020 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices http://seclists.org/fulldisclosure/2021/Sep/0 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series http://seclists.org/fulldisclosure/2022/Jun/36 39454 https://www.exploit-db.com/exploits/39454/ 40339 https://www.exploit-db.com/exploits/40339/ 83265 http://www.securityfocus.com/bid/83265 DSA-3480 http://www.debian.org/security/2016/dsa-3480 DSA-3481 http://www.debian.org/security/2016/dsa-3481 FEDORA-2016-0480defc94 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html FEDORA-2016-0f9e9a34ce http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html GLSA-201602-02 https://security.gentoo.org/glsa/201602-02 HPSBGN03442 http://marc.info/?l=bugtraq&m=145690841819314&w=2 HPSBGN03547 http://marc.info/?l=bugtraq&m=145596041017029&w=2 HPSBGN03549 http://marc.info/?l=bugtraq&m=145672440608228&w=2 HPSBGN03551 http://marc.info/?l=bugtraq&m=145857691004892&w=2 HPSBGN03582 http://marc.info/?l=bugtraq&m=146161017210491&w=2 RHSA-2016:0175 http://rhn.redhat.com/errata/RHSA-2016-0175.html RHSA-2016:0176 http://rhn.redhat.com/errata/RHSA-2016-0176.html RHSA-2016:0225 http://rhn.redhat.com/errata/RHSA-2016-0225.html RHSA-2016:0277 http://rhn.redhat.com/errata/RHSA-2016-0277.html SUSE-SU-2016:0470 SUSE-SU-2016:0471 SUSE-SU-2016:0472 SUSE-SU-2016:0473 USN-2900-1 http://ubuntu.com/usn/usn-2900-1 VU#457759 https://www.kb.cert.org/vuls/id/457759 [libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html http://support.citrix.com/article/CTX206991 http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.vmware.com/security/advisories/VMSA-2016-0002.html https://access.redhat.com/articles/2161461 https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/ https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ https://bto.bluecoat.com/security-advisory/sa114 https://bugzilla.redhat.com/show_bug.cgi?id=1293532 https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161 https://kc.mcafee.com/corporate/index?page=content&id=SB10150 https://security.netapp.com/advisory/ntap-20160217-0002/ https://sourceware.org/bugzilla/show_bug.cgi?id=18665 https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html https://support.lenovo.com/us/en/product_security/len_5450 https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17 https://www.tenable.com/security/research/tra-2017-08 openSUSE-SU-2016:0510 openSUSE-SU-2016:0511 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html openSUSE-SU-2016:0512 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8776 BugTraq ID: 83277 http://www.securityfocus.com/bid/83277 Debian Security Information: DSA-3480 (Google Search) Debian Security Information: DSA-3481 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2015-8777 1034811 http://www.securitytracker.com/id/1034811 81469 http://www.securityfocus.com/bid/81469 GLSA-201702-11 RHSA-2017:1916 USN-2985-1 USN-2985-2 [oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23 http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html https://sourceware.org/bugzilla/show_bug.cgi?id=18928 Common Vulnerability Exposure (CVE) ID: CVE-2015-8778 BugTraq ID: 83275 http://www.securityfocus.com/bid/83275 Common Vulnerability Exposure (CVE) ID: CVE-2015-8779 BugTraq ID: 82244 http://www.securityfocus.com/bid/82244
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.