glibc-2.24-2.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10154-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z glibc-2.24-2.3 on GA media These are all security issues fixed in the glibc-2.24-2.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10154 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-5029/ SUSE CVE CVE-2009-5029 page https://www.suse.com/security/cve/CVE-2012-3406/ SUSE CVE CVE-2012-3406 page https://www.suse.com/security/cve/CVE-2012-4412/ SUSE CVE CVE-2012-4412 page https://www.suse.com/security/cve/CVE-2013-0242/ SUSE CVE CVE-2013-0242 page https://www.suse.com/security/cve/CVE-2013-1914/ SUSE CVE CVE-2013-1914 page https://www.suse.com/security/cve/CVE-2013-2207/ SUSE CVE CVE-2013-2207 page https://www.suse.com/security/cve/CVE-2013-4237/ SUSE CVE CVE-2013-4237 page https://www.suse.com/security/cve/CVE-2013-4332/ SUSE CVE CVE-2013-4332 page https://www.suse.com/security/cve/CVE-2013-4458/ SUSE CVE CVE-2013-4458 page https://www.suse.com/security/cve/CVE-2013-7423/ SUSE CVE CVE-2013-7423 page https://www.suse.com/security/cve/CVE-2014-0475/ SUSE CVE CVE-2014-0475 page https://www.suse.com/security/cve/CVE-2014-4043/ SUSE CVE CVE-2014-4043 page https://www.suse.com/security/cve/CVE-2014-5119/ SUSE CVE CVE-2014-5119 page https://www.suse.com/security/cve/CVE-2014-6040/ SUSE CVE CVE-2014-6040 page https://www.suse.com/security/cve/CVE-2014-7817/ SUSE CVE CVE-2014-7817 page https://www.suse.com/security/cve/CVE-2014-8121/ SUSE CVE CVE-2014-8121 page https://www.suse.com/security/cve/CVE-2014-9402/ SUSE CVE CVE-2014-9402 page https://www.suse.com/security/cve/CVE-2014-9761/ SUSE CVE CVE-2014-9761 page https://www.suse.com/security/cve/CVE-2015-1472/ SUSE CVE CVE-2015-1472 page https://www.suse.com/security/cve/CVE-2015-1473/ SUSE CVE CVE-2015-1473 page https://www.suse.com/security/cve/CVE-2015-1781/ SUSE CVE CVE-2015-1781 page https://www.suse.com/security/cve/CVE-2015-7547/ SUSE CVE CVE-2015-7547 page https://www.suse.com/security/cve/CVE-2015-8776/ SUSE CVE CVE-2015-8776 page https://www.suse.com/security/cve/CVE-2015-8777/ SUSE CVE CVE-2015-8777 page https://www.suse.com/security/cve/CVE-2015-8778/ SUSE CVE CVE-2015-8778 page https://www.suse.com/security/cve/CVE-2015-8779/ SUSE CVE CVE-2015-8779 page https://www.suse.com/security/cve/CVE-2016-1234/ SUSE CVE CVE-2016-1234 page https://www.suse.com/security/cve/CVE-2016-3075/ SUSE CVE CVE-2016-3075 page https://www.suse.com/security/cve/CVE-2016-3706/ SUSE CVE CVE-2016-3706 page https://www.suse.com/security/cve/CVE-2016-4429/ SUSE CVE CVE-2016-4429 page https://www.suse.com/security/cve/CVE-2016-5417/ SUSE CVE CVE-2016-5417 page openSUSE Tumbleweed glibc-2.24-2.3 glibc-32bit-2.24-2.3 glibc-devel-2.24-2.3 glibc-devel-32bit-2.24-2.3 glibc-devel-static-2.24-2.3 glibc-devel-static-32bit-2.24-2.3 glibc-extra-2.24-2.3 glibc-html-2.24-2.3 glibc-i18ndata-2.24-2.3 glibc-info-2.24-2.3 glibc-locale-2.24-2.3 glibc-locale-32bit-2.24-2.3 glibc-obsolete-2.24-2.3 glibc-profile-2.24-2.3 glibc-profile-32bit-2.24-2.3 glibc-utils-2.24-2.3 glibc-utils-32bit-2.24-2.3 nscd-2.24-2.3 glibc-2.24-2.3 as a component of openSUSE Tumbleweed glibc-32bit-2.24-2.3 as a component of openSUSE Tumbleweed glibc-devel-2.24-2.3 as a component of openSUSE Tumbleweed glibc-devel-32bit-2.24-2.3 as a component of openSUSE Tumbleweed glibc-devel-static-2.24-2.3 as a component of openSUSE Tumbleweed glibc-devel-static-32bit-2.24-2.3 as a component of openSUSE Tumbleweed glibc-extra-2.24-2.3 as a component of openSUSE Tumbleweed glibc-html-2.24-2.3 as a component of openSUSE Tumbleweed glibc-i18ndata-2.24-2.3 as a component of openSUSE Tumbleweed glibc-info-2.24-2.3 as a component of openSUSE Tumbleweed glibc-locale-2.24-2.3 as a component of openSUSE Tumbleweed glibc-locale-32bit-2.24-2.3 as a component of openSUSE Tumbleweed glibc-obsolete-2.24-2.3 as a component of openSUSE Tumbleweed glibc-profile-2.24-2.3 as a component of openSUSE Tumbleweed glibc-profile-32bit-2.24-2.3 as a component of openSUSE Tumbleweed glibc-utils-2.24-2.3 as a component of openSUSE Tumbleweed glibc-utils-32bit-2.24-2.3 as a component of openSUSE Tumbleweed nscd-2.24-2.3 as a component of openSUSE Tumbleweed Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. CVE-2009-5029 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-5029.html CVE-2009-5029 https://bugzilla.suse.com/735850 SUSE Bug 735850 https://bugzilla.suse.com/736174 SUSE Bug 736174 https://bugzilla.suse.com/759836 SUSE Bug 759836 https://bugzilla.suse.com/826666 SUSE Bug 826666 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. CVE-2012-3406 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3406.html CVE-2012-3406 https://bugzilla.suse.com/770891 SUSE Bug 770891 https://bugzilla.suse.com/826666 SUSE Bug 826666 Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. CVE-2012-4412 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4412.html CVE-2012-4412 https://bugzilla.suse.com/779320 SUSE Bug 779320 https://bugzilla.suse.com/848783 SUSE Bug 848783 https://bugzilla.suse.com/882910 SUSE Bug 882910 https://bugzilla.suse.com/920169 SUSE Bug 920169 https://bugzilla.suse.com/920338 SUSE Bug 920338 Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. CVE-2013-0242 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0242.html CVE-2013-0242 https://bugzilla.suse.com/801246 SUSE Bug 801246 https://bugzilla.suse.com/848783 SUSE Bug 848783 https://bugzilla.suse.com/882910 SUSE Bug 882910 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. CVE-2013-1914 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1914.html CVE-2013-1914 https://bugzilla.suse.com/813121 SUSE Bug 813121 https://bugzilla.suse.com/826666 SUSE Bug 826666 https://bugzilla.suse.com/882910 SUSE Bug 882910 https://bugzilla.suse.com/941444 SUSE Bug 941444 pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. CVE-2013-2207 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 4 AV:N/AC:H/Au:N/C:P/I:N/A:P 2.6 AV:L/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2207.html CVE-2013-2207 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/830257 SUSE Bug 830257 https://bugzilla.suse.com/979109 SUSE Bug 979109 sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. CVE-2013-4237 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4237.html CVE-2013-4237 https://bugzilla.suse.com/834594 SUSE Bug 834594 https://bugzilla.suse.com/882910 SUSE Bug 882910 https://bugzilla.suse.com/883022 SUSE Bug 883022 Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. CVE-2013-4332 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4332.html CVE-2013-4332 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/839870 SUSE Bug 839870 https://bugzilla.suse.com/882910 SUSE Bug 882910 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. CVE-2013-4458 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4458.html CVE-2013-4458 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/847227 SUSE Bug 847227 https://bugzilla.suse.com/883217 SUSE Bug 883217 https://bugzilla.suse.com/941444 SUSE Bug 941444 https://bugzilla.suse.com/955181 SUSE Bug 955181 https://bugzilla.suse.com/967023 SUSE Bug 967023 https://bugzilla.suse.com/980483 SUSE Bug 980483 The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. CVE-2013-7423 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 2.6 AV:L/AC:H/Au:N/C:P/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7423.html CVE-2013-7423 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/915526 SUSE Bug 915526 Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. CVE-2014-0475 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0475.html CVE-2014-0475 https://bugzilla.suse.com/887022 SUSE Bug 887022 https://bugzilla.suse.com/896776 SUSE Bug 896776 https://bugzilla.suse.com/916222 SUSE Bug 916222 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. CVE-2014-4043 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4043.html CVE-2014-4043 https://bugzilla.suse.com/882600 SUSE Bug 882600 https://bugzilla.suse.com/939797 SUSE Bug 939797 Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. CVE-2014-5119 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5119.html CVE-2014-5119 https://bugzilla.suse.com/892073 SUSE Bug 892073 https://bugzilla.suse.com/903057 SUSE Bug 903057 https://bugzilla.suse.com/916222 SUSE Bug 916222 GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. CVE-2014-6040 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6040.html CVE-2014-6040 https://bugzilla.suse.com/894553 SUSE Bug 894553 https://bugzilla.suse.com/903057 SUSE Bug 903057 https://bugzilla.suse.com/916222 SUSE Bug 916222 The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". CVE-2014-7817 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-7817.html CVE-2014-7817 https://bugzilla.suse.com/906371 SUSE Bug 906371 DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. CVE-2014-8121 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8121.html CVE-2014-8121 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/918187 SUSE Bug 918187 https://bugzilla.suse.com/945779 SUSE Bug 945779 The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. CVE-2014-9402 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9402.html CVE-2014-9402 https://bugzilla.suse.com/910599 SUSE Bug 910599 Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. CVE-2014-9761 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9761.html CVE-2014-9761 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/962738 SUSE Bug 962738 https://bugzilla.suse.com/986086 SUSE Bug 986086 The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. CVE-2015-1472 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1472.html CVE-2015-1472 https://bugzilla.suse.com/916222 SUSE Bug 916222 https://bugzilla.suse.com/920341 SUSE Bug 920341 https://bugzilla.suse.com/922243 SUSE Bug 922243 The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. CVE-2015-1473 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1473.html CVE-2015-1473 https://bugzilla.suse.com/916222 SUSE Bug 916222 https://bugzilla.suse.com/920341 SUSE Bug 920341 https://bugzilla.suse.com/922243 SUSE Bug 922243 Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. CVE-2015-1781 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1781.html CVE-2015-1781 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/927080 SUSE Bug 927080 https://bugzilla.suse.com/979109 SUSE Bug 979109 Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. CVE-2015-7547 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7547.html CVE-2015-7547 https://bugzilla.suse.com/1077097 SUSE Bug 1077097 https://bugzilla.suse.com/847227 SUSE Bug 847227 https://bugzilla.suse.com/961721 SUSE Bug 961721 https://bugzilla.suse.com/967023 SUSE Bug 967023 https://bugzilla.suse.com/967061 SUSE Bug 967061 https://bugzilla.suse.com/967072 SUSE Bug 967072 https://bugzilla.suse.com/967496 SUSE Bug 967496 https://bugzilla.suse.com/969216 SUSE Bug 969216 https://bugzilla.suse.com/969241 SUSE Bug 969241 https://bugzilla.suse.com/969591 SUSE Bug 969591 https://bugzilla.suse.com/986086 SUSE Bug 986086 The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. CVE-2015-8776 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 low 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8776.html CVE-2015-8776 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/962736 SUSE Bug 962736 https://bugzilla.suse.com/986086 SUSE Bug 986086 The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. CVE-2015-8777 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8777.html CVE-2015-8777 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/950944 SUSE Bug 950944 https://bugzilla.suse.com/962735 SUSE Bug 962735 Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. CVE-2015-8778 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8778.html CVE-2015-8778 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/962737 SUSE Bug 962737 https://bugzilla.suse.com/986086 SUSE Bug 986086 Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. CVE-2015-8779 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8779.html CVE-2015-8779 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/962739 SUSE Bug 962739 https://bugzilla.suse.com/965453 SUSE Bug 965453 https://bugzilla.suse.com/986086 SUSE Bug 986086 Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. CVE-2016-1234 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1234.html CVE-2016-1234 https://bugzilla.suse.com/1020940 SUSE Bug 1020940 https://bugzilla.suse.com/969727 SUSE Bug 969727 https://bugzilla.suse.com/988770 SUSE Bug 988770 https://bugzilla.suse.com/988782 SUSE Bug 988782 https://bugzilla.suse.com/989127 SUSE Bug 989127 Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. CVE-2016-3075 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 low 4 AV:N/AC:H/Au:N/C:N/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3075.html CVE-2016-3075 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/973164 SUSE Bug 973164 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. CVE-2016-3706 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3706.html CVE-2016-3706 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/980483 SUSE Bug 980483 https://bugzilla.suse.com/997423 SUSE Bug 997423 Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. CVE-2016-4429 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 low 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4429.html CVE-2016-4429 https://bugzilla.suse.com/1081556 SUSE Bug 1081556 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/980854 SUSE Bug 980854 Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. CVE-2016-5417 openSUSE Tumbleweed:glibc-2.24-2.3 openSUSE Tumbleweed:glibc-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-2.24-2.3 openSUSE Tumbleweed:glibc-devel-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-2.24-2.3 openSUSE Tumbleweed:glibc-devel-static-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-extra-2.24-2.3 openSUSE Tumbleweed:glibc-html-2.24-2.3 openSUSE Tumbleweed:glibc-i18ndata-2.24-2.3 openSUSE Tumbleweed:glibc-info-2.24-2.3 openSUSE Tumbleweed:glibc-locale-2.24-2.3 openSUSE Tumbleweed:glibc-locale-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-obsolete-2.24-2.3 openSUSE Tumbleweed:glibc-profile-2.24-2.3 openSUSE Tumbleweed:glibc-profile-32bit-2.24-2.3 openSUSE Tumbleweed:glibc-utils-2.24-2.3 openSUSE Tumbleweed:glibc-utils-32bit-2.24-2.3 openSUSE Tumbleweed:nscd-2.24-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5417.html CVE-2016-5417 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/991670 SUSE Bug 991670