Oval Definition:oval:com.redhat.rhsa:def:20170680
Revision Date:2017-03-21Version:639
Title:RHSA-2017:0680: glibc security and bug fix update (Moderate)
Description:The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

  • A stack overflow vulnerability was found in nan
  • functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. (CVE-2014-9761)

  • It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. (CVE-2015-8776)

  • An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778)

  • A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. (CVE-2015-8779)

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2014-9761
    CVE-2015-8776
    CVE-2015-8778
    CVE-2015-8779
    RHSA-2017:0680
    RHSA-2017:0680-00
    RHSA-2017:0680-01
    RHSA-2017:0680-01
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • glibc is earlier than 0:2.12-1.209.el6
  • AND glibc is signed with Red Hat redhatrelease2 key
  • glibc-common is earlier than 0:2.12-1.209.el6
  • AND glibc-common is signed with Red Hat redhatrelease2 key
  • glibc-devel is earlier than 0:2.12-1.209.el6
  • AND glibc-devel is signed with Red Hat redhatrelease2 key
  • glibc-headers is earlier than 0:2.12-1.209.el6
  • AND glibc-headers is signed with Red Hat redhatrelease2 key
  • glibc-static is earlier than 0:2.12-1.209.el6
  • AND glibc-static is signed with Red Hat redhatrelease2 key
  • glibc-utils is earlier than 0:2.12-1.209.el6
  • AND glibc-utils is signed with Red Hat redhatrelease2 key
  • nscd is earlier than 0:2.12-1.209.el6
  • AND nscd is signed with Red Hat redhatrelease2 key
  • BACK