Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.
7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4Mandriva Linux Security Advisory 2015-168 - Updated glibc packages fix multiple security vulnerabilities.
0412f59ba60e6f3546c153206b4f490e8e4d6187358607bb442d3ffcaa511903Debian Linux Security Advisory 3142-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
26074a481751614ed048aa65c68c0f68a31ac03ddd5cb0a7c9feb7060aa253caRed Hat Security Advisory 2015-0016-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
90cd9b71e30ab8c30bd38d9fa4f597107a84bbed6e771bcc76f44a2ec20281ffRed Hat Security Advisory 2014-2023-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
1a729c8365de7fcb60f232832a81c20bc4f9497690301c4c5976e0a515d81582Ubuntu Security Notice 2432-1 - Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. Various other issues were also addressed.
ee9a58bff9d011d6367f3b45438ca35803c8316ec24d9da327b4cbbe7f9d4442Mandriva Linux Security Advisory 2014-232 - The function wordexp\(\) fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of $((... ``)) where ... can be anything valid. The backticks in the arithmetic expression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue.
3ae4a73075a4f65622957a8cedc74c98147406a7b1913f82ee05ab73b4ee0479
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed