Security update for glibc, glibc-testsuite, glibc-utils, glibc.i686 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0955-1 Final 1 1 2015-06-17T18:36:22Z current 2015-06-17T18:36:22Z 2015-06-17T18:36:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc, glibc-testsuite, glibc-utils, glibc.i686 glibc was updated to fix security issues and bugs: - Separate internal state between getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007) - Fix read past end of pattern in fnmatch (bsc#920338, BZ #17062, BZ #18032, BZ #18036) - Fix buffer overflow in nss_dns (CVE-2015-1781, bsc#927080, BZ #18287) Also this bug got fixed: - Simplify handling of nameserver configuration in resolver (bsc#917539) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-05/msg00084.html E-Mail link for openSUSE-SU-2015:0955-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings glibc-2.18-4.35.1 glibc-32bit-2.18-4.35.1 glibc-devel-2.18-4.35.1 glibc-devel-32bit-2.18-4.35.1 glibc-devel-static-2.18-4.35.1 glibc-devel-static-32bit-2.18-4.35.1 glibc-extra-2.18-4.35.1 glibc-html-2.18-4.35.1 glibc-i18ndata-2.18-4.35.1 glibc-info-2.18-4.35.1 glibc-locale-2.18-4.35.1 glibc-locale-32bit-2.18-4.35.1 glibc-obsolete-2.18-4.35.1 glibc-profile-2.18-4.35.1 glibc-profile-32bit-2.18-4.35.1 glibc-testsuite-2.18-4.35.2 glibc-utils-2.18-4.35.1 glibc-utils-32bit-2.18-4.35.1 nscd-2.18-4.35.1 DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. CVE-2014-8121 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00084.html https://www.suse.com/security/cve/CVE-2014-8121.html CVE-2014-8121 https://bugzilla.suse.com/918187 SUSE Bug 918187 https://bugzilla.suse.com/939211 SUSE Bug 939211 https://bugzilla.suse.com/945779 SUSE Bug 945779 Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. CVE-2015-1781 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00084.html https://www.suse.com/security/cve/CVE-2015-1781.html CVE-2015-1781 https://bugzilla.suse.com/927080 SUSE Bug 927080 https://bugzilla.suse.com/939211 SUSE Bug 939211