Overview

File _patchinfo of Package patchinfo.3533

<patchinfo incident="3533">
  <issue id="916222" tracker="bnc">VUL-0: CVE-2015-1472: glibc,glibc.i686: heap buffer overflow in glibc swscanf</issue>
  <issue id="915526" tracker="bnc">VUL-0: CVE-2013-7423: glibc,glibc.i686: getaddrinfo() writes DNS queries to random file descriptors under high load</issue>
  <issue id="906371" tracker="bnc">VUL-0: CVE-2014-7817: glibc,glibc.i686: Command execution in wordexp() with WRDE_NOCMD specified</issue>
  <issue id="910599" tracker="bnc">VUL-0: CVE-2014-9402: glibc: denial of service in getnetbyname function</issue>
  <issue id="CVE-2013-7423" tracker="cve" />
  <issue id="CVE-2014-7817" tracker="cve" />
  <issue id="CVE-2014-9402" tracker="cve" />
  <issue id="CVE-2015-1472" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>Andreas_Schwab</packager>
  <description>
Glibc was updated to fix several security issues.

- Avoid infinite loop in nss_dns getnetbyname (CVE-2014-9402, bsc#910599, BZ #17630)
- wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, bsc#906371, BZ #17625)
- Fix invalid file descriptor reuse while sending DNS query (CVE-2013-7423, bsc#915526, BZ #15946)
- Fix buffer overflow in wscanf
  (CVE-2015-1472, bsc#916222, BZ #16618)
</description>
  <summary>Security update for glibc</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places