Test ID:	1.3.6.1.4.1.25623.1.1.10.2015.0013
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2015-0013)
Summary:	The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2015-0013 advisory.
Description:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2015-0013 advisory. Vulnerability Insight: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating the SPECS array, which allows context- dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers (CVE-2012-3406). The nss_dns implementation of getnetbyname could run into an infinite loop if the DNS response contained a PTR record of an unexpected format (CVE-2014-9402). Also glibc lock elision (new feature in glibc 2.18) has been disabled as it can break glibc at runtime on newer Intel hardware (due to hardware bug) Affected Software/OS: 'glibc' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3406 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 RHSA-2012:1097 http://rhn.redhat.com/errata/RHSA-2012-1097.html RHSA-2012:1098 http://rhn.redhat.com/errata/RHSA-2012-1098.html RHSA-2012:1185 http://rhn.redhat.com/errata/RHSA-2012-1185.html RHSA-2012:1200 http://rhn.redhat.com/errata/RHSA-2012-1200.html USN-1589-1 http://www.ubuntu.com/usn/USN-1589-1 [oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities http://www.openwall.com/lists/oss-security/2012/07/11/17 https://bugzilla.redhat.com/attachment.cgi?id=594722 https://bugzilla.redhat.com/show_bug.cgi?id=826943 Common Vulnerability Exposure (CVE) ID: CVE-2014-9402 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series http://seclists.org/fulldisclosure/2019/Jun/18 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series https://seclists.org/bugtraq/2019/Jun/14 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X http://seclists.org/fulldisclosure/2019/Sep/7 https://seclists.org/bugtraq/2019/Sep/7 71670 http://www.securityfocus.com/bid/71670 GLSA-201602-02 https://security.gentoo.org/glsa/201602-02 RHSA-2018:0805 https://access.redhat.com/errata/RHSA-2018:0805 USN-2519-1 http://www.ubuntu.com/usn/USN-2519-1 [oss-security] 20141217 Re: CVE request: glibc http://www.openwall.com/lists/oss-security/2014/12/18/1 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html https://sourceware.org/bugzilla/show_bug.cgi?id=17630 openSUSE-SU-2015:0351 http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.