Test ID: 1.3.6.1.4.1.25623.1.0.123285
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2014-1391)
Summary: The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2014-1391 advisory.
Description:

Vulnerability Insight:
[2.12-1.149]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,

[2.12-1.148]
- Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025).

[2.12-1.147]
- Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460).
- Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460).

[2.12-1.146]
- Fix memory order when reading libgcc handle (#905941).
- Fix format specifier in malloc_info output (#1027261).
- Fix nscd lookup for innetgr when netgroup has wildcards (#1054846).

[2.12-1.145]
- Add mmap usage to malloc_info output (#1027261).

[2.12-1.144]
- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833).

[2.12-1.143]
- [ppc] Add VDSO IFUNC for gettimeofday (#1028285).
- [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025).

[2.12-1.142]
- Also relocate in dependency order when doing symbol dependency testing (#1019916).

[2.12-1.141]
- Fix infinite loop in nscd when netgroup is empty (#1085273).
- Provide correct buffer length to netgroup queries in nscd (#1074342).
- Return NULL for wildcard values in getnetgrent from nscd (#1085289).
- Avoid overlapping addresses to stpcpy calls in nscd (#1082379).
- Initialize all of datahead structure in nscd (#1074353).

[2.12-1.140]
- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628).

[2.12-1.139]
- Do not fail if one of the two responses to AF_UNSPEC fails (#845218).

[2.12-1.138]
- nscd: Make SELinux checks dynamic (#1025933).

[2.12-1.137]
- Fix race in free() of fastbin chunk (#1027101).

[2.12-1.136]
- Fix copy relocations handling of unique objects (#1032628).

[2.12-1.135]
- Fix encoding name for IDN in getaddrinfo (#981942).

[2.12-1.134]
- Fix return code from getent netgroup when the netgroup is not found (#1039988).
- Fix handling of static TLS in dlopen'ed objects (#995972).

[2.12-1.133]
- Don't use alloca in addgetnetgrentX (#1043557).
- Adjust pointers to triplets in netgroup query data (#1043557).

Affected Software/OS:
'glibc' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4237
55113
http://secunia.com/advisories/55113
61729
http://www.securityfocus.com/bid/61729
GLSA-201503-04
https://security.gentoo.org/glsa/201503-04
MDVSA-2013:283
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
USN-1991-1
http://www.ubuntu.com/usn/USN-1991-1
[oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
http://www.openwall.com/lists/oss-security/2013/08/12/8
https://bugzilla.redhat.com/show_bug.cgi?id=995839
https://sourceware.org/bugzilla/show_bug.cgi?id=14699
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3
Common Vulnerability Exposure (CVE) ID: CVE-2013-4458
MDVSA-2013:284
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
SUSE-SU-2016:0470
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
[libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests
https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
https://sourceware.org/bugzilla/show_bug.cgi?id=16072
Copyright: Copyright (C) 2015 Greenbone AG
