Test ID:	1.3.6.1.4.1.25623.1.0.121082
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201312-01
Summary:	Gentoo Linux Local Security Checks GLSA 201312-01
Description:	Summary: Gentoo Linux Local Security Checks GLSA 201312-01 Vulnerability Insight: Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Solution: Update the affected packages to the latest available version. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5029 20111203 VSFTPD Remote Heap Overrun (low severity) http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html [libc-alpha] 20111215 integer overflow to heap overrun exploit in glibc http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/ http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2 https://bugzilla.redhat.com/show_bug.cgi?id=761245 Common Vulnerability Exposure (CVE) ID: CVE-2010-3847 20101018 The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/257 20101019 Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/292 20101020 Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/294 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap http://www.securityfocus.com/archive/1/515545/100/0/threaded 42787 http://secunia.com/advisories/42787 44024 https://www.exploit-db.com/exploits/44024/ 44025 https://www.exploit-db.com/exploits/44025/ 44154 http://www.securityfocus.com/bid/44154 ADV-2011-0025 http://www.vupen.com/english/advisories/2011/0025 DSA-2122 http://www.debian.org/security/2010/dsa-2122 GLSA-201011-01 http://security.gentoo.org/glsa/glsa-201011-01.xml MDVSA-2010:207 http://www.mandriva.com/security/advisories?name=MDVSA-2010:207 RHSA-2010:0787 https://rhn.redhat.com/errata/RHSA-2010-0787.html RHSA-2010:0872 http://www.redhat.com/support/errata/RHSA-2010-0872.html SUSE-SA:2010:052 https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html USN-1009-1 http://www.ubuntu.com/usn/USN-1009-1 VU#537223 http://www.kb.cert.org/vuls/id/537223 [libc-hacker] 20101018 [PATCH] Never expand $ORIGIN in privileged programs http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html http://support.avaya.com/css/P8/documents/100120941 http://www.vmware.com/security/advisories/VMSA-2011-0001.html https://bugzilla.redhat.com/show_bug.cgi?id=643306 Common Vulnerability Exposure (CVE) ID: CVE-2011-0536 1025289 http://securitytracker.com/id?1025289 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 43830 http://secunia.com/advisories/43830 43989 http://secunia.com/advisories/43989 46397 http://secunia.com/advisories/46397 ADV-2011-0863 http://www.vupen.com/english/advisories/2011/0863 DSA-2122-2 http://lists.debian.org/debian-security-announce/2011/msg00005.html MDVSA-2011:178 http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 RHSA-2011:0412 http://www.redhat.com/support/errata/RHSA-2011-0412.html RHSA-2011:0413 http://www.redhat.com/support/errata/RHSA-2011-0413.html USN-1009-2 http://www.ubuntu.com/usn/USN-1009-2 [oss-security] 20110203 CVE request: glibc CVE-2010-3847 fix regression http://openwall.com/lists/oss-security/2011/02/01/3 [oss-security] 20110203 Re: CVE request: glibc CVE-2010-3847 fix regression http://openwall.com/lists/oss-security/2011/02/03/2 http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=96611391ad8823ba58405325d78cefeae5cdf699 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=667974 https://launchpad.net/bugs/701783 oval:org.mitre.oval:def:13086 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13086 Common Vulnerability Exposure (CVE) ID: CVE-2011-1071 1025290 http://securitytracker.com/id?1025290 20110224 glibc and alloca() http://seclists.org/fulldisclosure/2011/Feb/635 20110226 Re: glibc and alloca() http://seclists.org/fulldisclosure/2011/Feb/644 43492 http://secunia.com/advisories/43492 46563 http://www.securityfocus.com/bid/46563 8175 http://securityreason.com/securityalert/8175 [oss-security] 20110228 Re: cve request: eglibc memory corruption http://openwall.com/lists/oss-security/2011/02/28/11 http://openwall.com/lists/oss-security/2011/02/28/15 [oss-security] 20110228 cve request: eglibc memory corruption http://openwall.com/lists/oss-security/2011/02/26/3 http://bugs.debian.org/615120 http://code.google.com/p/chromium/issues/detail?id=48733 http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html http://sourceware.org/bugzilla/show_bug.cgi?id=11883 http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6 https://bugzilla.redhat.com/show_bug.cgi?id=681054 oval:org.mitre.oval:def:12853 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853 Common Vulnerability Exposure (CVE) ID: CVE-2011-1089 46740 http://www.securityfocus.com/bid/46740 MDVSA-2011:179 http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 RHSA-2011:1526 http://www.redhat.com/support/errata/RHSA-2011-1526.html [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/04/11 [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/04/9 [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/04/10 http://openwall.com/lists/oss-security/2011/03/04/12 [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/05/3 http://openwall.com/lists/oss-security/2011/03/05/7 [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/07/9 [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/14/16 http://openwall.com/lists/oss-security/2011/03/14/5 http://openwall.com/lists/oss-security/2011/03/14/7 [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/15/6 [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/22/4 http://openwall.com/lists/oss-security/2011/03/22/6 [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/31/3 http://openwall.com/lists/oss-security/2011/03/31/4 [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/04/01/2 http://sourceware.org/bugzilla/show_bug.cgi?id=12625 https://bugzilla.redhat.com/show_bug.cgi?id=688980 Common Vulnerability Exposure (CVE) ID: CVE-2011-1095 1025286 http://securitytracker.com/id?1025286 43976 http://secunia.com/advisories/43976 [oss-security] 20110308 Re: glibc locale escaping issue http://openwall.com/lists/oss-security/2011/03/08/21 http://openwall.com/lists/oss-security/2011/03/08/22 [oss-security] 20110308 glibc locale escaping issue http://openwall.com/lists/oss-security/2011/03/08/8 http://bugs.gentoo.org/show_bug.cgi?id=330923 http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904 http://sourceware.org/bugzilla/show_bug.cgi?id=11904 http://sourceware.org/git/?p=glibc.git%3Ba=patch%3Bh=026373745eab50a683536d950cb7e17dc98c4259 https://bugzilla.redhat.com/show_bug.cgi?id=625893 oval:org.mitre.oval:def:12272 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272 Common Vulnerability Exposure (CVE) ID: CVE-2011-1658 Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) http://sourceware.org/bugzilla/show_bug.cgi?id=12393 XForce ISS Database: gnuclibrary-ldso-priv-esc(66820) https://exchange.xforce.ibmcloud.com/vulnerabilities/66820 Common Vulnerability Exposure (CVE) ID: CVE-2011-1659 http://www.securitytracker.com/id?1025450 http://secunia.com/advisories/44353 XForce ISS Database: gnuclibrary-fnmatch-dos(66819) https://exchange.xforce.ibmcloud.com/vulnerabilities/66819 Common Vulnerability Exposure (CVE) ID: CVE-2012-0864 52201 http://www.securityfocus.com/bid/52201 RHSA-2012:0393 http://rhn.redhat.com/errata/RHSA-2012-0393.html RHSA-2012:0397 http://rhn.redhat.com/errata/RHSA-2012-0397.html RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html RHSA-2012:0531 http://rhn.redhat.com/errata/RHSA-2012-0531.html [libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e http://www.phrack.org/issues.html?issue=67&id=9#article https://bugzilla.redhat.com/show_bug.cgi?id=794766
Copyright	Copyright (C) 2015 Eero Volotinen

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.