patchinfo.3533 - openSUSE Build Service

Security update for glibc

Glibc was updated to fix several security issues.

- Avoid infinite loop in nss_dns getnetbyname (CVE-2014-9402, bsc#910599, BZ #17630)
- wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, bsc#906371, BZ #17625)
- Fix invalid file descriptor reuse while sending DNS query (CVE-2013-7423, bsc#915526, BZ #15946)
- Fix buffer overflow in wscanf
(CVE-2015-1472, bsc#916222, BZ #16618)

Submitted by Andreas Schwab (Andreas_Schwab)

Fixed bugs

VUL-0: CVE-2015-1472: glibc,glibc.i686: heap buffer overflow in glibc swscanf

VUL-0: CVE-2013-7423: glibc,glibc.i686: getaddrinfo() writes DNS queries to random file descriptors under high load

VUL-0: CVE-2014-7817: glibc,glibc.i686: Command execution in wordexp() with WRDE_NOCMD specified

VUL-0: CVE-2014-9402: glibc: denial of service in getnetbyname function

CVE-CVE-2013-7423

CVE-CVE-2014-7817

CVE-CVE-2014-9402

CVE-CVE-2015-1472

Selected Binaries

openSUSE Build Service is sponsored by