Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2023-0270)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2023.0270

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2023-0270)

Resumen: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2023-0270 advisory.

Descripción: Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2023-0270 advisory.

Vulnerability Insight:
getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)

Stack read overflow with large TCP responses in no-aaaa mode
(CVE-2023-4527)

elf: Introduce to _dl_call_fini
elf: Do not run constructors for proxy objects
elf: Always call destructors in reverse constructor order [BZ #30785]
elf: Remove unused l_text_end field from struct link_map
elf: Move l_init_called_next to old place of l_text_end in link map
elf: Fix slow tls access after dlopen [BZ #19924]
intl: Treat C.UTF-8 locale like C locale [BZ# 16621]
x86: Increase non_temporal_threshold to roughly 'sizeof_L3 / 4'
x86: Fix slight bug in shared_per_thread cache size calculation
x86: Use 3/4*sizeof(per-thread-L3) as low bound for NT threshold
x86: Fix incorrect scope of setting shared_per_thread [BZ #30745]

Affected Software/OS:
'glibc' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
6.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-4527
RHBZ#2234712
https://bugzilla.redhat.com/show_bug.cgi?id=2234712
RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5453
RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:5455
http://www.openwall.com/lists/oss-security/2023/09/25/1
https://access.redhat.com/security/cve/CVE-2023-4527
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231116-0012/
Common Vulnerability Exposure (CVE) ID: CVE-2023-4806
RHBZ#2237782
https://bugzilla.redhat.com/show_bug.cgi?id=2237782
RHSA-2023:7409
https://access.redhat.com/errata/RHSA-2023:7409
http://www.openwall.com/lists/oss-security/2023/10/03/4
http://www.openwall.com/lists/oss-security/2023/10/03/5
http://www.openwall.com/lists/oss-security/2023/10/03/6
http://www.openwall.com/lists/oss-security/2023/10/03/8
https://access.redhat.com/security/cve/CVE-2023-4806
https://security.netapp.com/advisory/ntap-20240125-0008/

Copyright Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0270
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0270)
Resumen:	The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2023-0270 advisory.
Descripción:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2023-0270 advisory. Vulnerability Insight: getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) Stack read overflow with large TCP responses in no-aaaa mode (CVE-2023-4527) elf: Introduce to _dl_call_fini elf: Do not run constructors for proxy objects elf: Always call destructors in reverse constructor order [BZ #30785] elf: Remove unused l_text_end field from struct link_map elf: Move l_init_called_next to old place of l_text_end in link map elf: Fix slow tls access after dlopen [BZ #19924] intl: Treat C.UTF-8 locale like C locale [BZ# 16621] x86: Increase non_temporal_threshold to roughly 'sizeof_L3 / 4' x86: Fix slight bug in shared_per_thread cache size calculation x86: Use 3/4*sizeof(per-thread-L3) as low bound for NT threshold x86: Fix incorrect scope of setting shared_per_thread [BZ #30745] Affected Software/OS: 'glibc' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 6.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-4527 RHBZ#2234712 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5453 RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:5455 http://www.openwall.com/lists/oss-security/2023/09/25/1 https://access.redhat.com/security/cve/CVE-2023-4527 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20231116-0012/ Common Vulnerability Exposure (CVE) ID: CVE-2023-4806 RHBZ#2237782 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 RHSA-2023:7409 https://access.redhat.com/errata/RHSA-2023:7409 http://www.openwall.com/lists/oss-security/2023/10/03/4 http://www.openwall.com/lists/oss-security/2023/10/03/5 http://www.openwall.com/lists/oss-security/2023/10/03/6 http://www.openwall.com/lists/oss-security/2023/10/03/8 https://access.redhat.com/security/cve/CVE-2023-4806 https://security.netapp.com/advisory/ntap-20240125-0008/
Copyright	Copyright (C) 2023 Greenbone AG