Login


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in GNU C library
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in GNU C library
ID: FEDORA-2016-0480defc94
Distribution: Fedora
Plattformen: Fedora 22
Datum: Mi, 17. Februar 2016, 14:32
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777

Originalnachricht

Name        : glibc
Product : Fedora 22
Version : 2.21
Release : 11.fc22
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

-------------------------------------------------------------------------------
-
Update Information:

This updates addresses a critical security vulnerability in the DNS resolver
related to `AF_UNSPEC` queries with `getaddrinfo` (CVE-2015-7547). It also
includes security fixes for CVE-2015-8777 and CVE-2015-1781. It improves
`malloc` scalability for applications which start and terminate many threads.
The output of `locale -a` is now ASCII-only (previously, it contained
ISO-8859-1
characters).
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1199525 - CVE-2015-1781 glibc: buffer overflow in
gethostbyname_r() and related functions with misaligned buffer
https://bugzilla.redhat.com/show_bug.cgi?id=1199525
[ 2 ] Bug #1260581 - CVE-2015-8777 glibc: LD_POINTER_GUARD in the environment
is not sanitized
https://bugzilla.redhat.com/show_bug.cgi?id=1260581
[ 3 ] Bug #1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer
overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1293532
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung