Test ID:	1.3.6.1.4.1.25623.1.1.4.2013.1251.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2013:1251-1)
Summary:	The remote host is missing an update for the 'glibc' package(s) announced via the SUSE-SU-2013:1251-1 advisory.
Description:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the SUSE-SU-2013:1251-1 advisory. Vulnerability Insight: This collective update for the GNU C library (glibc) provides the following fixes and enhancements: Security issues fixed: * Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) * Fix a different stack overflow in getaddrinfo with many results. (bnc#828637) * Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) * Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) * Add patches for fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406] * Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) * Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089] Bugs fixed: * Fix locking in _IO_cleanup. (bnc#796982) * Fix resolver when first query fails, but seconds succeeds. [bnc #767266] Security Issue references: * CVE-2013-1914 > * CVE-2010-4756 > * CVE-2012-3480 > * CVE-2012-3405 > * CVE-2012-3406 > * CVE-2011-1089 > Affected Software/OS: 'glibc' package(s) on SUSE Linux Enterprise Server 11-SP1. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4756 http://cxib.net/stuff/glob-0day.c http://securityreason.com/exploitalert/9223 https://bugzilla.redhat.com/show_bug.cgi?id=681681 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756 http://securityreason.com/achievement_securityalert/89 Common Vulnerability Exposure (CVE) ID: CVE-2011-1089 46740 http://www.securityfocus.com/bid/46740 MDVSA-2011:178 http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 MDVSA-2011:179 http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 RHSA-2011:1526 http://www.redhat.com/support/errata/RHSA-2011-1526.html [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/04/11 [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/04/9 [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/04/10 http://openwall.com/lists/oss-security/2011/03/04/12 [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/05/3 http://openwall.com/lists/oss-security/2011/03/05/7 [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/07/9 [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/14/16 http://openwall.com/lists/oss-security/2011/03/14/5 http://openwall.com/lists/oss-security/2011/03/14/7 [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/15/6 [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/22/4 http://openwall.com/lists/oss-security/2011/03/22/6 [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/03/31/3 http://openwall.com/lists/oss-security/2011/03/31/4 [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE http://openwall.com/lists/oss-security/2011/04/01/2 http://sourceware.org/bugzilla/show_bug.cgi?id=12625 https://bugzilla.redhat.com/show_bug.cgi?id=688980 Common Vulnerability Exposure (CVE) ID: CVE-2012-3405 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 RHSA-2012:1098 http://rhn.redhat.com/errata/RHSA-2012-1098.html RHSA-2012:1200 http://rhn.redhat.com/errata/RHSA-2012-1200.html USN-1589-1 http://www.ubuntu.com/usn/USN-1589-1 [oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities http://www.openwall.com/lists/oss-security/2012/07/11/17 https://bugzilla.redhat.com/show_bug.cgi?id=833704 https://sourceware.org/bugzilla/show_bug.cgi?id=13446 Common Vulnerability Exposure (CVE) ID: CVE-2012-3406 RHSA-2012:1097 http://rhn.redhat.com/errata/RHSA-2012-1097.html RHSA-2012:1185 http://rhn.redhat.com/errata/RHSA-2012-1185.html https://bugzilla.redhat.com/attachment.cgi?id=594722 https://bugzilla.redhat.com/show_bug.cgi?id=826943 Common Vulnerability Exposure (CVE) ID: CVE-2012-3480 1027374 http://www.securitytracker.com/id?1027374 50201 http://secunia.com/advisories/50201 50422 http://secunia.com/advisories/50422 54982 http://www.securityfocus.com/bid/54982 84710 http://osvdb.org/84710 FEDORA-2012-11927 http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html RHSA-2012:1207 http://rhn.redhat.com/errata/RHSA-2012-1207.html RHSA-2012:1208 http://rhn.redhat.com/errata/RHSA-2012-1208.html RHSA-2012:1262 http://rhn.redhat.com/errata/RHSA-2012-1262.html RHSA-2012:1325 http://rhn.redhat.com/errata/RHSA-2012-1325.html [libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459) http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html [oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/4 [oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/6 http://sourceware.org/bugzilla/show_bug.cgi?id=14459 Common Vulnerability Exposure (CVE) ID: CVE-2013-1914 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices http://seclists.org/fulldisclosure/2021/Sep/0 52817 http://secunia.com/advisories/52817 55113 http://secunia.com/advisories/55113 58839 http://www.securityfocus.com/bid/58839 MDVSA-2013:163 http://www.mandriva.com/security/advisories?name=MDVSA-2013:163 MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 MDVSA-2013:284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 RHSA-2013:0769 http://rhn.redhat.com/errata/RHSA-2013-0769.html RHSA-2013:1605 http://rhn.redhat.com/errata/RHSA-2013-1605.html USN-1991-1 http://www.ubuntu.com/usn/USN-1991-1 [oss-security] 20130403 CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/03/2 [oss-security] 20130403 Re: CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/03/8 [oss-security] 20130405 Re: CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/05/1 http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://sourceware.org/bugzilla/show_bug.cgi?id=15330 http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7 http://www.vmware.com/security/advisories/VMSA-2014-0008.html https://bugzilla.novell.com/show_bug.cgi?id=813121 https://bugzilla.redhat.com/show_bug.cgi?id=947882
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.