Test ID:	1.3.6.1.4.1.25623.1.1.13.2014.296.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2014-296-01)
Summary:	The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2014-296-01 advisory.
Description:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2014-296-01 advisory. Vulnerability Insight: New glibc packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.17-i486-8_slack14.1.txz: Rebuilt. This update fixes several security issues, and adds an extra security hardening patch from Florian Weimer. Thanks to mancha for help with tracking and backporting patches. For more information, see: [links moved to references] (* Security fix *) patches/packages/glibc-i18n-2.17-i486-8_slack14.1.txz: Rebuilt. patches/packages/glibc-profile-2.17-i486-8_slack14.1.txz: Rebuilt. patches/packages/glibc-solibs-2.17-i486-8_slack14.1.txz: Rebuilt. patches/packages/glibc-zoneinfo-2014i-noarch-1_slack14.1.txz: Upgraded. Upgraded to tzcode2014i and tzdata2014i. +--------------------------+ Affected Software/OS: 'glibc' package(s) on Slackware 14.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4412 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series http://seclists.org/fulldisclosure/2019/Jun/18 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series https://seclists.org/bugtraq/2019/Jun/14 55113 http://secunia.com/advisories/55113 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 MDVSA-2013:284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 USN-1991-1 http://www.ubuntu.com/usn/USN-1991-1 [oss-security] 20130907 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) http://www.openwall.com/lists/oss-security/2012/09/07/9 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://sourceware.org/bugzilla/show_bug.cgi?id=14547 https://bugzilla.redhat.com/show_bug.cgi?id=855385 Common Vulnerability Exposure (CVE) ID: CVE-2012-4424 [oss-security] 20130913 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) http://www.openwall.com/lists/oss-security/2012/09/13/16 https://bugzilla.redhat.com/show_bug.cgi?id=858238 Common Vulnerability Exposure (CVE) ID: CVE-2013-4237 61729 http://www.securityfocus.com/bid/61729 [oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters http://www.openwall.com/lists/oss-security/2013/08/12/8 https://bugzilla.redhat.com/show_bug.cgi?id=995839 https://sourceware.org/bugzilla/show_bug.cgi?id=14699 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3 Common Vulnerability Exposure (CVE) ID: CVE-2013-4458 SUSE-SU-2016:0470 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html [libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html https://sourceware.org/bugzilla/show_bug.cgi?id=16072 Common Vulnerability Exposure (CVE) ID: CVE-2013-4788 BugTraq ID: 61183 http://www.securityfocus.com/bid/61183 http://seclists.org/fulldisclosure/2015/Sep/23 http://hmarco.org/bugs/CVE-2013-4788.html http://www.openwall.com/lists/oss-security/2013/07/15/9 Common Vulnerability Exposure (CVE) ID: CVE-2014-0475 BugTraq ID: 68505 http://www.securityfocus.com/bid/68505 Debian Security Information: DSA-2976 (Google Search) http://www.debian.org/security/2014/dsa-2976 https://security.gentoo.org/glsa/201602-02 http://www.mandriva.com/security/advisories?name=MDVSA-2014:152 http://www.openwall.com/lists/oss-security/2014/07/10/7 http://www.openwall.com/lists/oss-security/2014/07/14/6 RedHat Security Advisories: RHSA-2014:1110 https://rhn.redhat.com/errata/RHSA-2014-1110.html http://www.securitytracker.com/id/1030569 Common Vulnerability Exposure (CVE) ID: CVE-2014-4043 BugTraq ID: 68006 http://www.securityfocus.com/bid/68006 Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search) https://seclists.org/bugtraq/2019/Sep/7 http://seclists.org/fulldisclosure/2019/Sep/7 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html SuSE Security Announcement: openSUSE-SU-2015:1387 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html XForce ISS Database: gnuclibrary-cve20144043-code-exec(93784) https://exchange.xforce.ibmcloud.com/vulnerabilities/93784 Common Vulnerability Exposure (CVE) ID: CVE-2014-5119 20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit http://seclists.org/fulldisclosure/2014/Aug/69 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119 60345 http://secunia.com/advisories/60345 60358 http://secunia.com/advisories/60358 60441 http://secunia.com/advisories/60441 61074 http://secunia.com/advisories/61074 61093 http://secunia.com/advisories/61093 68983 http://www.securityfocus.com/bid/68983 69738 http://www.securityfocus.com/bid/69738 DSA-3012 http://www.debian.org/security/2014/dsa-3012 GLSA-201602-02 MDVSA-2014:175 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 RHSA-2014:1110 RHSA-2014:1118 http://rhn.redhat.com/errata/RHSA-2014-1118.html SUSE-SU-2014:1125 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html [oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues) http://www.openwall.com/lists/oss-security/2014/08/13/5 [oss-security] 20170713 glibc locale issues http://www.openwall.com/lists/oss-security/2014/07/14/1 http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html http://linux.oracle.com/errata/ELSA-2015-0092.html http://www-01.ibm.com/support/docview.wss?uid=swg21685604 https://code.google.com/p/google-security-research/issues/detail?id=96 https://sourceware.org/bugzilla/show_bug.cgi?id=17187 Common Vulnerability Exposure (CVE) ID: CVE-2014-6040 62100 http://secunia.com/advisories/62100 62146 http://secunia.com/advisories/62146 69472 http://www.securityfocus.com/bid/69472 DSA-3142 http://www.debian.org/security/2015/dsa-3142 USN-2432-1 http://ubuntu.com/usn/usn-2432-1 [oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages http://www.openwall.com/lists/oss-security/2014/08/29/3 [oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages http://www.openwall.com/lists/oss-security/2014/09/02/1 http://linux.oracle.com/errata/ELSA-2015-0016.html https://sourceware.org/bugzilla/show_bug.cgi?id=17325 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.