Main Vulnerability Database SB2022113036

SB2022113036 - SUSE update for glibc

Published: November 30, 2022

Security Bulletin ID SB2022113036

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Data Handling (CVE-ID: CVE-2015-8985)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2022/suse-su-20223942-2/

Vulnerable Software

SUSE OpenStack Cloud Crowbar: 9
SUSE Linux Enterprise Server for SAP: 12-SP4
SUSE Linux Enterprise Server: 12-SP4-LTSS
SUSE OpenStack Cloud: 9
glibc-info: before 2.22-114.22.1
glibc-i18ndata: before 2.22-114.22.1
glibc-html: before 2.22-114.22.1
nscd-debuginfo: before 2.22-114.22.1
nscd: before 2.22-114.22.1
glibc-profile-32bit: before 2.22-114.22.1
glibc-profile: before 2.22-114.22.1
glibc-locale-debuginfo-32bit: before 2.22-114.22.1
glibc-locale-debuginfo: before 2.22-114.22.1
glibc-locale-32bit: before 2.22-114.22.1
glibc-locale: before 2.22-114.22.1
glibc-devel-debuginfo-32bit: before 2.22-114.22.1
glibc-devel-debuginfo: before 2.22-114.22.1
glibc-devel-32bit: before 2.22-114.22.1
glibc-devel: before 2.22-114.22.1
glibc-debugsource: before 2.22-114.22.1
glibc-debuginfo-32bit: before 2.22-114.22.1
glibc-debuginfo: before 2.22-114.22.1
glibc-32bit: before 2.22-114.22.1
glibc: before 2.22-114.22.1