Description: | Summary: The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory.
Vulnerability Insight: This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues:
* bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119)
* bnc#886416: Avoid redundant shift character in iconv output at block boundary.
* bnc#883022: Initialize errcode in sysdeps/unix/opendir.c.
* bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043)
* bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed.
* bnc#843735: Don't crash on unresolved weak symbol reference.
* bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)
* bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork.
* bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)
* bnc#830268: Initialize pointer guard also in static executables. (CVE-2013-4788)
* bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)
* bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)
* bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait.
Affected Software/OS: glibc on SUSE Linux Enterprise Server 11 SP1 LTSS
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
|