SB2016021706 - Gentoo update for GNU C Library
Published: February 17, 2016 Updated: June 28, 2025
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2015-7547)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a stack-based buffer overflow in the (1) send_dg and (2) send_vc functions in the libresolv library. A remote attacker can use a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module, cause memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Input validation error (CVE-ID: CVE-2015-8776)
The vulnerability allows a remote non-authenticated attacker to read data or crash the application.
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
3) Buffer overflow (CVE-ID: CVE-2015-8778)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
4) Stack-based buffer overflow (CVE-ID: CVE-2015-8779)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long catalog name. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Input validation error (CVE-ID: CVE-2013-7423)
The vulnerability allows a remote non-authenticated attacker to corrupt data.
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
6) Path traversal (CVE-ID: CVE-2014-0475)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
7) Input validation error (CVE-ID: CVE-2014-5119)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
8) Buffer overflow (CVE-ID: CVE-2014-6040)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
9) Input validation error (CVE-ID: CVE-2014-7817)
The vulnerability allows a local user to read and manipulate data.
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
10) Infinite loop (CVE-ID: CVE-2014-8121)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop. A remote attacker can cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
11) Infinite loop (CVE-ID: CVE-2014-9402)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the nss_dns implementation of getnetbyname due to an infinite loop when the DNS backend in the Name Service Switch configuration is enabled. A remote attacker can send a positive answer while a network name is being processed and cause the service to crash.
12) Buffer overflow (CVE-ID: CVE-2015-1472)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
13) Buffer overflow (CVE-ID: CVE-2015-1781)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6). A remote attacker can create a specially crafted file and execute arbitrary code on the target system.
Remediation
Install the update from the vendor's website.
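A post-update check for item 9 (CVE-2014-7817), added here as an example and not taken from the bulletin or from glibc: it confirms that the installed C library refuses command substitution under WRDE_NOCMD, including the arithmetic form quoted above. The function names and the probe strings are constructed for this example; the probes only use a harmless echo.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Expand untrusted text with command substitution forbidden.
 * Returns the wordexp() status; on 0 the caller must wordfree(out). */
int expand_nocmd(const char *untrusted, wordexp_t *out)
{
    memset(out, 0, sizeof *out);
    int rc = wordexp(untrusted, out, WRDE_NOCMD);
    if (rc != 0) {
        /* Release a partial result (possible with WRDE_NOSPACE). */
        if (rc == WRDE_NOSPACE)
            wordfree(out);
        memset(out, 0, sizeof *out);
    }
    return rc;
}

/* Returns 1 when every constructed probe is refused with WRDE_CMDSUB,
 * 0 when the library expanded (or otherwise mishandled) any of them. */
int nocmd_is_enforced(void)
{
    /* Constructed probes: plain, backtick and arithmetic-wrapped forms. */
    static const char *const probes[] = {
        "$(echo probe)", "`echo probe`", "$((`echo 1`))",
    };
    int ok = 1;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        wordexp_t w;
        int rc = expand_nocmd(probes[i], &w);
        if (rc == 0)
            wordfree(&w);   /* expansion happened: flag was ignored */
        if (rc != WRDE_CMDSUB) {
            printf("not enforced for %s (rc=%d)\n", probes[i], rc);
            ok = 0;
        }
    }
    return ok;
}

int main(void)
{
    int ok = nocmd_is_enforced();
    puts(ok ? "WRDE_NOCMD enforced" : "WRDE_NOCMD NOT enforced: update glibc");
    return ok ? 0 : 1;
}
```

Callers that pass untrusted text to wordexp should treat any non-zero return, WRDE_CMDSUB included, as a rejected input rather than retrying without the flag.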