File _patchinfo of Package patchinfo.400
<patchinfo incident="400">
<issue id="916222" tracker="bnc">VUL-0: CVE-2015-1472: glibc,glibc.i686: heap buffer overflow in glibc swscanf</issue>
<issue id="910599" tracker="bnc">VUL-0: CVE-2014-9402: glibc: denial of service in getnetbyname function</issue>
<issue id="915526" tracker="bnc">VUL-0: CVE-2013-7423: glibc,glibc.i686: getaddrinfo() writes DNS queries to random file descriptors under high load</issue>
<issue id="909053" tracker="bnc">getaddrinfo()/make_request() may spin forever</issue>
<issue id="915985" tracker="bnc">L3: dracut produces invalid initrd if /var/tmp is on tmpfs with noexec flag</issue>
<issue id="864081" tracker="bnc">fsppadm panic at glibc when creating a new thread</issue>
<issue id="906371" tracker="bnc">VUL-0: CVE-2014-7817: glibc,glibc.i686: Command execution in wordexp() with WRDE_NOCMD specified</issue>
<issue id="905313" tracker="bnc">glibc headers use gcc extensions when included by non-gcc compiler</issue>
<issue id="CVE-2014-9402" tracker="cve" />
<issue id="CVE-2015-1472" tracker="cve" />
<issue id="CVE-2013-7423" tracker="cve" />
<issue id="CVE-2014-7817" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>Andreas_Schwab</packager>
<description>glibc has been updated to fix four security issues.
These security issues were fixed:
- CVE-2014-7817: The wordexp function in GNU C Library (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))" (bnc#906371).
- CVE-2015-1472: Heap buffer overflow in glibc swscanf (bnc#916222).
- CVE-2014-9402: Denial of service in getnetbyname function (bnc#910599).
- CVE-2013-7423: getaddrinfo() writes DNS queries to random file descriptors under high load (bnc#915526).
These non-security issues were fixed:
- Fix infinite loop in check_pf (bsc#909053).
- Restore warning about execution permission; it is still needed for noexec mounts (bsc#915985).
- Don't touch user-controlled stdio locks in forked child (bsc#864081).
- Don't use gcc extensions for non-gcc compilers (bsc#905313).
</description>
<summary>Security update for glibc</summary>
</patchinfo>