Test ID:	1.3.6.1.4.1.25623.1.0.121358
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201503-04
Summary:	Gentoo Linux Local Security Checks GLSA 201503-04
Description:	Summary: Gentoo Linux Local Security Checks GLSA 201503-04 Vulnerability Insight: Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Solution: Update the affected packages to the latest available version. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3404 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 RHSA-2012:1098 http://rhn.redhat.com/errata/RHSA-2012-1098.html RHSA-2012:1200 http://rhn.redhat.com/errata/RHSA-2012-1200.html USN-1589-1 http://www.ubuntu.com/usn/USN-1589-1 [oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities http://www.openwall.com/lists/oss-security/2012/07/11/17 https://bugzilla.redhat.com/show_bug.cgi?id=833703 https://sourceware.org/bugzilla/show_bug.cgi?id=12445 Common Vulnerability Exposure (CVE) ID: CVE-2012-3405 https://bugzilla.redhat.com/show_bug.cgi?id=833704 https://sourceware.org/bugzilla/show_bug.cgi?id=13446 Common Vulnerability Exposure (CVE) ID: CVE-2012-3406 RHSA-2012:1097 http://rhn.redhat.com/errata/RHSA-2012-1097.html RHSA-2012:1185 http://rhn.redhat.com/errata/RHSA-2012-1185.html https://bugzilla.redhat.com/attachment.cgi?id=594722 https://bugzilla.redhat.com/show_bug.cgi?id=826943 Common Vulnerability Exposure (CVE) ID: CVE-2012-3480 1027374 http://www.securitytracker.com/id?1027374 50201 http://secunia.com/advisories/50201 50422 http://secunia.com/advisories/50422 54982 http://www.securityfocus.com/bid/54982 84710 http://osvdb.org/84710 FEDORA-2012-11927 http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html RHSA-2012:1207 http://rhn.redhat.com/errata/RHSA-2012-1207.html RHSA-2012:1208 http://rhn.redhat.com/errata/RHSA-2012-1208.html RHSA-2012:1262 http://rhn.redhat.com/errata/RHSA-2012-1262.html RHSA-2012:1325 http://rhn.redhat.com/errata/RHSA-2012-1325.html [libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459) http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html [oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/4 [oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/6 http://sourceware.org/bugzilla/show_bug.cgi?id=14459 Common Vulnerability Exposure (CVE) ID: CVE-2012-4412 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series http://seclists.org/fulldisclosure/2019/Jun/18 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series https://seclists.org/bugtraq/2019/Jun/14 55113 http://secunia.com/advisories/55113 MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 MDVSA-2013:284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 USN-1991-1 http://www.ubuntu.com/usn/USN-1991-1 [oss-security] 20130907 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) http://www.openwall.com/lists/oss-security/2012/09/07/9 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://sourceware.org/bugzilla/show_bug.cgi?id=14547 https://bugzilla.redhat.com/show_bug.cgi?id=855385 Common Vulnerability Exposure (CVE) ID: CVE-2012-4424 [oss-security] 20130913 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) http://www.openwall.com/lists/oss-security/2012/09/13/16 https://bugzilla.redhat.com/show_bug.cgi?id=858238 Common Vulnerability Exposure (CVE) ID: CVE-2012-6656 BugTraq ID: 69472 http://www.securityfocus.com/bid/69472 Debian Security Information: DSA-3142 (Google Search) http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.ubuntu.com/usn/USN-2432-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-0242 1028063 http://www.securitytracker.com/id/1028063 51951 http://secunia.com/advisories/51951 57638 http://www.securityfocus.com/bid/57638 89747 http://osvdb.org/89747 MDVSA-2013:163 http://www.mandriva.com/security/advisories?name=MDVSA-2013:163 RHSA-2013:0769 http://rhn.redhat.com/errata/RHSA-2013-0769.html RHSA-2013:1605 http://rhn.redhat.com/errata/RHSA-2013-1605.html [libc-alpha] 20130129 [PATCH] Fix buffer overrun in regexp matcher http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html [oss-security] 20130130 Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters http://www.openwall.com/lists/oss-security/2013/01/30/5 glibc-extendbuffers-dos(81707) https://exchange.xforce.ibmcloud.com/vulnerabilities/81707 http://sourceware.org/bugzilla/show_bug.cgi?id=15078 http://www.vmware.com/security/advisories/VMSA-2014-0008.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1914 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices http://seclists.org/fulldisclosure/2021/Sep/0 52817 http://secunia.com/advisories/52817 58839 http://www.securityfocus.com/bid/58839 [oss-security] 20130403 CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/03/2 [oss-security] 20130403 Re: CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/03/8 [oss-security] 20130405 Re: CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/05/1 http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://sourceware.org/bugzilla/show_bug.cgi?id=15330 http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7 https://bugzilla.novell.com/show_bug.cgi?id=813121 https://bugzilla.redhat.com/show_bug.cgi?id=947882 Common Vulnerability Exposure (CVE) ID: CVE-2013-2207 SUSE-SU-2015:1424 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html SUSE-SU-2016:0470 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html USN-2985-1 http://www.ubuntu.com/usn/USN-2985-1 USN-2985-2 http://www.ubuntu.com/usn/USN-2985-2 [libc-alpha] 20130812 The GNU C Library version 2.18 is now available https://sourceware.org/ml/libc-alpha/2013-08/msg00160.html https://bugzilla.redhat.com/show_bug.cgi?id=976408 https://sourceware.org/bugzilla/show_bug.cgi?id=15755 Common Vulnerability Exposure (CVE) ID: CVE-2013-4237 61729 http://www.securityfocus.com/bid/61729 [oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters http://www.openwall.com/lists/oss-security/2013/08/12/8 https://bugzilla.redhat.com/show_bug.cgi?id=995839 https://sourceware.org/bugzilla/show_bug.cgi?id=14699 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3 Common Vulnerability Exposure (CVE) ID: CVE-2013-4332 62324 http://www.securityfocus.com/bid/62324 RHSA-2013:1411 http://rhn.redhat.com/errata/RHSA-2013-1411.html [oss-security] 20130912 Re: CVE Request: Three integer overflows in glibc memory allocator http://www.openwall.com/lists/oss-security/2013/09/12/6 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332 https://sourceware.org/bugzilla/show_bug.cgi?id=15855 https://sourceware.org/bugzilla/show_bug.cgi?id=15856 https://sourceware.org/bugzilla/show_bug.cgi?id=15857 Common Vulnerability Exposure (CVE) ID: CVE-2013-4458 [libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html https://sourceware.org/bugzilla/show_bug.cgi?id=16072 Common Vulnerability Exposure (CVE) ID: CVE-2013-4788 BugTraq ID: 61183 http://www.securityfocus.com/bid/61183 http://seclists.org/fulldisclosure/2015/Sep/23 http://hmarco.org/bugs/CVE-2013-4788.html http://www.openwall.com/lists/oss-security/2013/07/15/9 Common Vulnerability Exposure (CVE) ID: CVE-2014-4043 BugTraq ID: 68006 http://www.securityfocus.com/bid/68006 Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search) https://seclists.org/bugtraq/2019/Sep/7 http://seclists.org/fulldisclosure/2019/Sep/7 http://www.mandriva.com/security/advisories?name=MDVSA-2014:152 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html SuSE Security Announcement: openSUSE-SU-2015:1387 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html XForce ISS Database: gnuclibrary-cve20144043-code-exec(93784) https://exchange.xforce.ibmcloud.com/vulnerabilities/93784 Common Vulnerability Exposure (CVE) ID: CVE-2015-0235 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html BugTraq ID: 72325 http://www.securityfocus.com/bid/72325 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) (Google Search) http://seclists.org/oss-sec/2015/q1/269 Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (Google Search) http://seclists.org/oss-sec/2015/q1/274 Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 (Google Search) http://www.securityfocus.com/archive/1/534845/100/0/threaded Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost http://seclists.org/fulldisclosure/2015/Jan/111 http://seclists.org/fulldisclosure/2022/Jun/36 HPdes Security Advisory: HPSBGN03247 http://marc.info/?l=bugtraq&m=142296726407499&w=2 HPdes Security Advisory: HPSBGN03270 http://marc.info/?l=bugtraq&m=142781412222323&w=2 HPdes Security Advisory: HPSBGN03285 http://marc.info/?l=bugtraq&m=142722450701342&w=2 HPdes Security Advisory: HPSBHF03289 http://marc.info/?l=bugtraq&m=142721102728110&w=2 HPdes Security Advisory: HPSBMU03330 http://marc.info/?l=bugtraq&m=143145428124857&w=2 HPdes Security Advisory: SSRT101937 HPdes Security Advisory: SSRT101953 http://www.mandriva.com/security/advisories?name=MDVSA-2015:039 http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9 https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt http://www.openwall.com/lists/oss-security/2021/05/04/7 RedHat Security Advisories: RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html http://www.securitytracker.com/id/1032909 http://secunia.com/advisories/62517 http://secunia.com/advisories/62640 http://secunia.com/advisories/62667 http://secunia.com/advisories/62680 http://secunia.com/advisories/62681 http://secunia.com/advisories/62688 http://secunia.com/advisories/62690 http://secunia.com/advisories/62691 http://secunia.com/advisories/62692 http://secunia.com/advisories/62698 http://secunia.com/advisories/62715 http://secunia.com/advisories/62758 http://secunia.com/advisories/62812 http://secunia.com/advisories/62813 http://secunia.com/advisories/62816 http://secunia.com/advisories/62865 http://secunia.com/advisories/62870 http://secunia.com/advisories/62871 http://secunia.com/advisories/62879 http://secunia.com/advisories/62883
Copyright	Copyright (C) 2015 Eero Volotinen

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.