openSUSE Security Update : glibc (openSUSE-2015-173)

high Nessus Plugin ID 81560

Synopsis

The remote openSUSE host is missing a security update.

Description

Glibc was updated to fix several security issues.

- Avoid infinite loop in nss_dns getnetbyname (CVE-2014-9402, bsc#910599, BZ #17630)

- wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, bsc#906371, BZ #17625)

- Fix invalid file descriptor reuse while sending DNS query (CVE-2013-7423, bsc#915526, BZ #15946)

- Fix buffer overflow in wscanf (CVE-2015-1472, bsc#916222, BZ #16618)

Solution

Update the affected glibc packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=906371

https://bugzilla.opensuse.org/show_bug.cgi?id=910599

https://bugzilla.opensuse.org/show_bug.cgi?id=915526

https://bugzilla.opensuse.org/show_bug.cgi?id=916222

Plugin Details

Severity: High

ID: 81560

File Name: openSUSE-2015-173.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2/27/2015

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:glibc, p-cpe:/a:novell:opensuse:glibc-32bit, p-cpe:/a:novell:opensuse:glibc-debuginfo, p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit, p-cpe:/a:novell:opensuse:glibc-debugsource, p-cpe:/a:novell:opensuse:glibc-devel, p-cpe:/a:novell:opensuse:glibc-devel-32bit, p-cpe:/a:novell:opensuse:glibc-devel-debuginfo, p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit, p-cpe:/a:novell:opensuse:glibc-devel-static, p-cpe:/a:novell:opensuse:glibc-devel-static-32bit, p-cpe:/a:novell:opensuse:glibc-extra, p-cpe:/a:novell:opensuse:glibc-extra-debuginfo, p-cpe:/a:novell:opensuse:glibc-html, p-cpe:/a:novell:opensuse:glibc-i18ndata, p-cpe:/a:novell:opensuse:glibc-info, p-cpe:/a:novell:opensuse:glibc-locale, p-cpe:/a:novell:opensuse:glibc-locale-32bit, p-cpe:/a:novell:opensuse:glibc-locale-debuginfo, p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit, p-cpe:/a:novell:opensuse:glibc-obsolete, p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo, p-cpe:/a:novell:opensuse:glibc-profile, p-cpe:/a:novell:opensuse:glibc-profile-32bit, p-cpe:/a:novell:opensuse:glibc-utils, p-cpe:/a:novell:opensuse:glibc-utils-32bit, p-cpe:/a:novell:opensuse:glibc-utils-debuginfo, p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit, p-cpe:/a:novell:opensuse:glibc-utils-debugsource, p-cpe:/a:novell:opensuse:nscd, p-cpe:/a:novell:opensuse:nscd-debuginfo, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/24/2015

Reference Information

CVE: CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472