SuSE Local Security Checks : SUSE: Security Advisory (SUSE-SU-2015:0551-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.4.2015.0551.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2015:0551-1)
Summary:	The remote host is missing an update for the 'glibc' package(s) announced via the SUSE-SU-2015:0551-1 advisory.
Description:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the SUSE-SU-2015:0551-1 advisory. Vulnerability Insight: This update for glibc contains the following fixes: * Fix integer overflows in malloc (CVE-2013-4332, bnc#839870) * Fix buffer overflow in glob (bnc#691365) * Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320) * Update mount flags in (bnc#791928) * Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246) * Fix memory leaks in dlopen (bnc#811979) * Fix stack overflow in getaddrinfo with many results (CVE-2013-1914, bnc#813121) * Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec (bnc#818628) * Don't raise UNDERFLOW in tan/tanf for small but normal argument (bnc#819347) * Properly cross page boundary in SSE4.2 implementation of strcmp (bnc#822210) * Fix robust mutex handling after fork (bnc#827811) * Fix missing character in IBM-943 charset (bnc#828235) * Fix use of alloca in gaih_inet (bnc#828637) * Initialize pointer guard also in static executables (CVE-2013-4788, bnc#830268) * Fix readdir_r with long file names (CVE-2013-4237, bnc#834594). Security Issues: * CVE-2012-4412 <[link moved to references]> * CVE-2013-0242 <[link moved to references]> * CVE-2013-1914 <[link moved to references]> * CVE-2013-4237 <[link moved to references]> * CVE-2013-4332 <[link moved to references]> * CVE-2013-4788 <[link moved to references]> Affected Software/OS: 'glibc' package(s) on SUSE Linux Enterprise Server 11-SP1, SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Server for SAP Applications 11-SP2. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0864 52201 http://www.securityfocus.com/bid/52201 RHSA-2012:0393 http://rhn.redhat.com/errata/RHSA-2012-0393.html RHSA-2012:0397 http://rhn.redhat.com/errata/RHSA-2012-0397.html RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html RHSA-2012:0531 http://rhn.redhat.com/errata/RHSA-2012-0531.html [libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e http://www.phrack.org/issues.html?issue=67&id=9#article https://bugzilla.redhat.com/show_bug.cgi?id=794766 Common Vulnerability Exposure (CVE) ID: CVE-2012-3404 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 RHSA-2012:1098 http://rhn.redhat.com/errata/RHSA-2012-1098.html RHSA-2012:1200 http://rhn.redhat.com/errata/RHSA-2012-1200.html USN-1589-1 http://www.ubuntu.com/usn/USN-1589-1 [oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities http://www.openwall.com/lists/oss-security/2012/07/11/17 https://bugzilla.redhat.com/show_bug.cgi?id=833703 https://sourceware.org/bugzilla/show_bug.cgi?id=12445 Common Vulnerability Exposure (CVE) ID: CVE-2012-3405 https://bugzilla.redhat.com/show_bug.cgi?id=833704 https://sourceware.org/bugzilla/show_bug.cgi?id=13446 Common Vulnerability Exposure (CVE) ID: CVE-2012-3406 RHSA-2012:1097 http://rhn.redhat.com/errata/RHSA-2012-1097.html RHSA-2012:1185 http://rhn.redhat.com/errata/RHSA-2012-1185.html https://bugzilla.redhat.com/attachment.cgi?id=594722 https://bugzilla.redhat.com/show_bug.cgi?id=826943 Common Vulnerability Exposure (CVE) ID: CVE-2012-3480 1027374 http://www.securitytracker.com/id?1027374 50201 http://secunia.com/advisories/50201 50422 http://secunia.com/advisories/50422 54982 http://www.securityfocus.com/bid/54982 84710 http://osvdb.org/84710 FEDORA-2012-11927 http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html RHSA-2012:1207 http://rhn.redhat.com/errata/RHSA-2012-1207.html RHSA-2012:1208 http://rhn.redhat.com/errata/RHSA-2012-1208.html RHSA-2012:1262 http://rhn.redhat.com/errata/RHSA-2012-1262.html RHSA-2012:1325 http://rhn.redhat.com/errata/RHSA-2012-1325.html [libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459) http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html [oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/4 [oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/6 http://sourceware.org/bugzilla/show_bug.cgi?id=14459 Common Vulnerability Exposure (CVE) ID: CVE-2012-4412 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series http://seclists.org/fulldisclosure/2019/Jun/18 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series https://seclists.org/bugtraq/2019/Jun/14 55113 http://secunia.com/advisories/55113 MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 MDVSA-2013:284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 USN-1991-1 http://www.ubuntu.com/usn/USN-1991-1 [oss-security] 20130907 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) http://www.openwall.com/lists/oss-security/2012/09/07/9 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://sourceware.org/bugzilla/show_bug.cgi?id=14547 https://bugzilla.redhat.com/show_bug.cgi?id=855385 Common Vulnerability Exposure (CVE) ID: CVE-2012-6656 BugTraq ID: 69472 http://www.securityfocus.com/bid/69472 Debian Security Information: DSA-3142 (Google Search) http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.ubuntu.com/usn/USN-2432-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-0242 1028063 http://www.securitytracker.com/id/1028063 51951 http://secunia.com/advisories/51951 57638 http://www.securityfocus.com/bid/57638 89747 http://osvdb.org/89747 MDVSA-2013:163 http://www.mandriva.com/security/advisories?name=MDVSA-2013:163 RHSA-2013:0769 http://rhn.redhat.com/errata/RHSA-2013-0769.html RHSA-2013:1605 http://rhn.redhat.com/errata/RHSA-2013-1605.html [libc-alpha] 20130129 [PATCH] Fix buffer overrun in regexp matcher http://sourceware.org/ml/libc-alpha/2013-01/msg00967.html [oss-security] 20130130 Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters http://www.openwall.com/lists/oss-security/2013/01/30/5 glibc-extendbuffers-dos(81707) https://exchange.xforce.ibmcloud.com/vulnerabilities/81707 http://sourceware.org/bugzilla/show_bug.cgi?id=15078 http://www.vmware.com/security/advisories/VMSA-2014-0008.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1914 20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices http://seclists.org/fulldisclosure/2021/Sep/0 52817 http://secunia.com/advisories/52817 58839 http://www.securityfocus.com/bid/58839 [oss-security] 20130403 CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/03/2 [oss-security] 20130403 Re: CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/03/8 [oss-security] 20130405 Re: CVE Request: glibc getaddrinfo() stack overflow http://www.openwall.com/lists/oss-security/2013/04/05/1 http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://sourceware.org/bugzilla/show_bug.cgi?id=15330 http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7 https://bugzilla.novell.com/show_bug.cgi?id=813121 https://bugzilla.redhat.com/show_bug.cgi?id=947882 Common Vulnerability Exposure (CVE) ID: CVE-2013-4237 61729 http://www.securityfocus.com/bid/61729 [oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters http://www.openwall.com/lists/oss-security/2013/08/12/8 https://bugzilla.redhat.com/show_bug.cgi?id=995839 https://sourceware.org/bugzilla/show_bug.cgi?id=14699 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3 Common Vulnerability Exposure (CVE) ID: CVE-2013-4332 62324 http://www.securityfocus.com/bid/62324 RHSA-2013:1411 http://rhn.redhat.com/errata/RHSA-2013-1411.html [oss-security] 20130912 Re: CVE Request: Three integer overflows in glibc memory allocator http://www.openwall.com/lists/oss-security/2013/09/12/6 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332 https://sourceware.org/bugzilla/show_bug.cgi?id=15855 https://sourceware.org/bugzilla/show_bug.cgi?id=15856 https://sourceware.org/bugzilla/show_bug.cgi?id=15857 Common Vulnerability Exposure (CVE) ID: CVE-2013-4357 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html http://www.openwall.com/lists/oss-security/2013/09/17/4 http://www.openwall.com/lists/oss-security/2013/09/17/8 http://www.openwall.com/lists/oss-security/2015/01/28/18 http://www.openwall.com/lists/oss-security/2015/01/29/21 http://www.openwall.com/lists/oss-security/2015/02/24/3 http://www.securityfocus.com/bid/67992 http://www.ubuntu.com/usn/USN-2306-1 http://www.ubuntu.com/usn/USN-2306-2 http://www.ubuntu.com/usn/USN-2306-3 https://access.redhat.com/security/cve/cve-2013-4357 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357 https://exchange.xforce.ibmcloud.com/vulnerabilities/95103 https://security-tracker.debian.org/tracker/CVE-2013-4357 Common Vulnerability Exposure (CVE) ID: CVE-2013-4788 BugTraq ID: 61183 http://www.securityfocus.com/bid/61183 http://seclists.org/fulldisclosure/2015/Sep/23 http://hmarco.org/bugs/CVE-2013-4788.html http://www.openwall.com/lists/oss-security/2013/07/15/9 Common Vulnerability Exposure (CVE) ID: CVE-2013-7423 BugTraq ID: 72844 http://www.securityfocus.com/bid/72844 https://security.gentoo.org/glsa/201602-02 http://www.openwall.com/lists/oss-security/2015/01/28/20 RedHat Security Advisories: RHSA-2015:0863 http://rhn.redhat.com/errata/RHSA-2015-0863.html RedHat Security Advisories: RHSA-2016:1207 https://access.redhat.com/errata/RHSA-2016:1207 SuSE Security Announcement: openSUSE-SU-2015:0351 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://www.ubuntu.com/usn/USN-2519-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-5119 20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit http://seclists.org/fulldisclosure/2014/Aug/69 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119 60345 http://secunia.com/advisories/60345 60358 http://secunia.com/advisories/60358 60441 http://secunia.com/advisories/60441 61074 http://secunia.com/advisories/61074 61093 http://secunia.com/advisories/61093 68983 http://www.securityfocus.com/bid/68983 69738 http://www.securityfocus.com/bid/69738 DSA-3012 http://www.debian.org/security/2014/dsa-3012 GLSA-201602-02 MDVSA-2014:175 RHSA-2014:1110 https://rhn.redhat.com/errata/RHSA-2014-1110.html RHSA-2014:1118 http://rhn.redhat.com/errata/RHSA-2014-1118.html SUSE-SU-2014:1125 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html [oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues) http://www.openwall.com/lists/oss-security/2014/08/13/5 [oss-security] 20170713 glibc locale issues http://www.openwall.com/lists/oss-security/2014/07/14/1 http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html http://linux.oracle.com/errata/ELSA-2015-0092.html http://www-01.ibm.com/support/docview.wss?uid=swg21685604 https://code.google.com/p/google-security-research/issues/detail?id=96 https://sourceware.org/bugzilla/show_bug.cgi?id=17187 Common Vulnerability Exposure (CVE) ID: CVE-2014-6040 62100 http://secunia.com/advisories/62100 62146 http://secunia.com/advisories/62146 69472 DSA-3142 USN-2432-1 http://ubuntu.com/usn/usn-2432-1 [oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages [oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages http://linux.oracle.com/errata/ELSA-2015-0016.html https://sourceware.org/bugzilla/show_bug.cgi?id=17325 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6 Common Vulnerability Exposure (CVE) ID: CVE-2014-7817 71216 http://www.securityfocus.com/bid/71216 RHSA-2014:2023 http://rhn.redhat.com/errata/RHSA-2014-2023.html [libc-alpha] 20141119 [COMMITTED] CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html [oss-security] 20141120 CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified http://seclists.org/oss-sec/2014/q4/730 gnu-glibc-cve20147817-command-exec(98852) https://exchange.xforce.ibmcloud.com/vulnerabilities/98852 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://sourceware.org/bugzilla/show_bug.cgi?id=17625 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c openSUSE-SU-2015:0351 Common Vulnerability Exposure (CVE) ID: CVE-2014-9402 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X http://seclists.org/fulldisclosure/2019/Sep/7 https://seclists.org/bugtraq/2019/Sep/7 71670 http://www.securityfocus.com/bid/71670 RHSA-2018:0805 https://access.redhat.com/errata/RHSA-2018:0805 USN-2519-1 [oss-security] 20141217 Re: CVE request: glibc http://www.openwall.com/lists/oss-security/2014/12/18/1 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html https://sourceware.org/bugzilla/show_bug.cgi?id=17630 Common Vulnerability Exposure (CVE) ID: CVE-2015-0235 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html BugTraq ID: 72325 http://www.securityfocus.com/bid/72325 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) (Google Search) http://seclists.org/oss-sec/2015/q1/269 Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (Google Search) http://seclists.org/oss-sec/2015/q1/274 Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 (Google Search) http://www.securityfocus.com/archive/1/534845/100/0/threaded Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost http://seclists.org/fulldisclosure/2015/Jan/111 http://seclists.org/fulldisclosure/2022/Jun/36 HPdes Security Advisory: HPSBGN03247 http://marc.info/?l=bugtraq&m=142296726407499&w=2 HPdes Security Advisory: HPSBGN03270 http://marc.info/?l=bugtraq&m=142781412222323&w=2 HPdes Security Advisory: HPSBGN03285 http://marc.info/?l=bugtraq&m=142722450701342&w=2 HPdes Security Advisory: HPSBHF03289 http://marc.info/?l=bugtraq&m=142721102728110&w=2 HPdes Security Advisory: HPSBMU03330 http://marc.info/?l=bugtraq&m=143145428124857&w=2 HPdes Security Advisory: SSRT101937 HPdes Security Advisory: SSRT101953 http://www.mandriva.com/security/advisories?name=MDVSA-2015:039 http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9 https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt http://www.openwall.com/lists/oss-security/2021/05/04/7 RedHat Security Advisories: RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html http://www.securitytracker.com/id/1032909 http://secunia.com/advisories/62517 http://secunia.com/advisories/62640 http://secunia.com/advisories/62667 http://secunia.com/advisories/62680 http://secunia.com/advisories/62681 http://secunia.com/advisories/62688 http://secunia.com/advisories/62690 http://secunia.com/advisories/62691 http://secunia.com/advisories/62692 http://secunia.com/advisories/62698 http://secunia.com/advisories/62715 http://secunia.com/advisories/62758 http://secunia.com/advisories/62812 http://secunia.com/advisories/62813 http://secunia.com/advisories/62816 http://secunia.com/advisories/62865 http://secunia.com/advisories/62870 http://secunia.com/advisories/62871 http://secunia.com/advisories/62879 http://secunia.com/advisories/62883 Common Vulnerability Exposure (CVE) ID: CVE-2015-1472 BugTraq ID: 72428 http://www.securityfocus.com/bid/72428 Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search) https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html http://openwall.com/lists/oss-security/2015/02/04/1
Copyright	Copyright (C) 2021 Greenbone AG