|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for glibc RHSA-2015:0090-01|
|Summary:||The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'glibc'
package(s) announced via the referenced advisory.
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.
A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
Red Hat would like to thank Qualys for reporting this issue.
All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
glibc on Red Hat Enterprise Linux (v. 5 server)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2015-0235|
BugTraq ID: 72325
BugTraq ID: 91787
Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) (Google Search)
Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (Google Search)
Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 (Google Search)
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
Debian Security Information: DSA-3142 (Google Search)
HPdes Security Advisory: HPSBGN03247
HPdes Security Advisory: HPSBGN03270
HPdes Security Advisory: HPSBGN03285
HPdes Security Advisory: HPSBHF03289
HPdes Security Advisory: HPSBMU03330
HPdes Security Advisory: SSRT101937
HPdes Security Advisory: SSRT101953
RedHat Security Advisories: RHSA-2015:0126
|Copyright||Copyright (C) 2015 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.