Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
glibc-2.34-1.2 on GA media
Notes
Title of the patch
glibc-2.34-1.2 on GA media
Description of the patch
These are all security issues fixed in the glibc-2.34-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10792
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "glibc-2.34-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the glibc-2.34-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10792", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10792-1.json", }, { category: "self", summary: "SUSE CVE CVE-2009-5064 page", url: "https://www.suse.com/security/cve/CVE-2009-5064/", }, { category: "self", summary: "SUSE CVE CVE-2009-5155 page", url: "https://www.suse.com/security/cve/CVE-2009-5155/", }, { category: "self", summary: "SUSE CVE CVE-2010-3192 page", url: "https://www.suse.com/security/cve/CVE-2010-3192/", }, { category: "self", summary: "SUSE CVE CVE-2015-5180 page", url: "https://www.suse.com/security/cve/CVE-2015-5180/", }, { category: "self", summary: "SUSE CVE CVE-2016-10228 page", url: "https://www.suse.com/security/cve/CVE-2016-10228/", }, { category: "self", summary: "SUSE CVE CVE-2016-10739 page", url: "https://www.suse.com/security/cve/CVE-2016-10739/", }, { category: "self", summary: "SUSE CVE CVE-2016-6261 page", url: "https://www.suse.com/security/cve/CVE-2016-6261/", }, { category: "self", summary: "SUSE CVE CVE-2016-6323 page", url: "https://www.suse.com/security/cve/CVE-2016-6323/", }, { category: "self", summary: "SUSE CVE CVE-2017-1000366 page", url: "https://www.suse.com/security/cve/CVE-2017-1000366/", }, { category: "self", summary: "SUSE CVE CVE-2017-1000408 page", url: "https://www.suse.com/security/cve/CVE-2017-1000408/", }, { category: "self", summary: "SUSE CVE CVE-2017-12132 page", url: "https://www.suse.com/security/cve/CVE-2017-12132/", }, { category: "self", summary: "SUSE CVE CVE-2017-12133 page", url: "https://www.suse.com/security/cve/CVE-2017-12133/", }, { category: "self", summary: "SUSE CVE CVE-2017-15670 page", url: "https://www.suse.com/security/cve/CVE-2017-15670/", }, { category: "self", summary: "SUSE CVE CVE-2017-16997 page", url: "https://www.suse.com/security/cve/CVE-2017-16997/", }, { category: "self", summary: "SUSE CVE CVE-2017-17426 page", url: "https://www.suse.com/security/cve/CVE-2017-17426/", }, { category: "self", summary: "SUSE CVE CVE-2017-18269 page", url: "https://www.suse.com/security/cve/CVE-2017-18269/", }, { category: "self", summary: "SUSE CVE CVE-2018-1000001 page", url: "https://www.suse.com/security/cve/CVE-2018-1000001/", }, { category: "self", summary: "SUSE CVE CVE-2018-11236 page", url: "https://www.suse.com/security/cve/CVE-2018-11236/", }, { category: "self", summary: "SUSE CVE CVE-2018-11237 page", url: "https://www.suse.com/security/cve/CVE-2018-11237/", }, { category: "self", summary: "SUSE CVE CVE-2018-19591 page", url: "https://www.suse.com/security/cve/CVE-2018-19591/", }, { category: "self", summary: "SUSE CVE CVE-2018-6485 page", url: "https://www.suse.com/security/cve/CVE-2018-6485/", }, { category: "self", summary: "SUSE CVE CVE-2019-19126 page", url: "https://www.suse.com/security/cve/CVE-2019-19126/", }, { category: "self", summary: "SUSE CVE CVE-2019-25013 page", url: "https://www.suse.com/security/cve/CVE-2019-25013/", }, { category: "self", summary: "SUSE CVE CVE-2019-7309 page", url: "https://www.suse.com/security/cve/CVE-2019-7309/", }, { category: "self", summary: "SUSE CVE CVE-2019-9169 page", url: "https://www.suse.com/security/cve/CVE-2019-9169/", }, { category: "self", summary: "SUSE CVE CVE-2020-10029 page", url: "https://www.suse.com/security/cve/CVE-2020-10029/", }, { category: "self", summary: "SUSE CVE CVE-2020-1752 page", url: "https://www.suse.com/security/cve/CVE-2020-1752/", }, { category: "self", summary: "SUSE CVE CVE-2020-27618 page", url: "https://www.suse.com/security/cve/CVE-2020-27618/", }, { category: "self", summary: "SUSE CVE CVE-2020-29562 page", url: "https://www.suse.com/security/cve/CVE-2020-29562/", }, { category: "self", summary: "SUSE CVE CVE-2020-29573 page", url: "https://www.suse.com/security/cve/CVE-2020-29573/", }, { category: "self", summary: "SUSE CVE CVE-2020-6096 page", url: "https://www.suse.com/security/cve/CVE-2020-6096/", }, { category: "self", summary: "SUSE CVE CVE-2021-27645 page", url: "https://www.suse.com/security/cve/CVE-2021-27645/", }, { category: "self", summary: "SUSE CVE CVE-2021-3326 page", url: "https://www.suse.com/security/cve/CVE-2021-3326/", }, { category: "self", summary: "SUSE CVE CVE-2021-33574 page", url: "https://www.suse.com/security/cve/CVE-2021-33574/", }, ], title: "glibc-2.34-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10792-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "glibc-2.34-1.2.aarch64", product: { name: "glibc-2.34-1.2.aarch64", product_id: "glibc-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-devel-2.34-1.2.aarch64", product: { name: "glibc-devel-2.34-1.2.aarch64", product_id: "glibc-devel-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-devel-static-2.34-1.2.aarch64", product: { name: "glibc-devel-static-2.34-1.2.aarch64", product_id: "glibc-devel-static-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-extra-2.34-1.2.aarch64", product: { name: "glibc-extra-2.34-1.2.aarch64", product_id: "glibc-extra-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-html-2.34-1.2.aarch64", product: { name: "glibc-html-2.34-1.2.aarch64", product_id: "glibc-html-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-i18ndata-2.34-1.2.aarch64", product: { name: "glibc-i18ndata-2.34-1.2.aarch64", product_id: "glibc-i18ndata-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-info-2.34-1.2.aarch64", product: { name: "glibc-info-2.34-1.2.aarch64", product_id: "glibc-info-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-lang-2.34-1.2.aarch64", product: { name: "glibc-lang-2.34-1.2.aarch64", product_id: "glibc-lang-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-locale-2.34-1.2.aarch64", product: { name: "glibc-locale-2.34-1.2.aarch64", product_id: "glibc-locale-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-locale-base-2.34-1.2.aarch64", product: { name: "glibc-locale-base-2.34-1.2.aarch64", product_id: "glibc-locale-base-2.34-1.2.aarch64", }, }, { category: "product_version", name: "glibc-profile-2.34-1.2.aarch64", product: { name: "glibc-profile-2.34-1.2.aarch64", product_id: "glibc-profile-2.34-1.2.aarch64", }, }, { category: "product_version", name: "nscd-2.34-1.2.aarch64", product: { name: "nscd-2.34-1.2.aarch64", product_id: "nscd-2.34-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "glibc-2.34-1.2.ppc64le", product: { name: "glibc-2.34-1.2.ppc64le", product_id: "glibc-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-devel-2.34-1.2.ppc64le", product: { name: "glibc-devel-2.34-1.2.ppc64le", product_id: "glibc-devel-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-devel-static-2.34-1.2.ppc64le", product: { name: "glibc-devel-static-2.34-1.2.ppc64le", product_id: "glibc-devel-static-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-extra-2.34-1.2.ppc64le", product: { name: "glibc-extra-2.34-1.2.ppc64le", product_id: "glibc-extra-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-html-2.34-1.2.ppc64le", product: { name: "glibc-html-2.34-1.2.ppc64le", product_id: "glibc-html-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-i18ndata-2.34-1.2.ppc64le", product: { name: "glibc-i18ndata-2.34-1.2.ppc64le", product_id: "glibc-i18ndata-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-info-2.34-1.2.ppc64le", product: { name: "glibc-info-2.34-1.2.ppc64le", product_id: "glibc-info-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-lang-2.34-1.2.ppc64le", product: { name: "glibc-lang-2.34-1.2.ppc64le", product_id: "glibc-lang-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-locale-2.34-1.2.ppc64le", product: { name: "glibc-locale-2.34-1.2.ppc64le", product_id: "glibc-locale-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-locale-base-2.34-1.2.ppc64le", product: { name: "glibc-locale-base-2.34-1.2.ppc64le", product_id: "glibc-locale-base-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "glibc-profile-2.34-1.2.ppc64le", product: { name: "glibc-profile-2.34-1.2.ppc64le", product_id: "glibc-profile-2.34-1.2.ppc64le", }, }, { category: "product_version", name: "nscd-2.34-1.2.ppc64le", product: { name: "nscd-2.34-1.2.ppc64le", product_id: "nscd-2.34-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "glibc-2.34-1.2.s390x", product: { name: "glibc-2.34-1.2.s390x", product_id: "glibc-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-devel-2.34-1.2.s390x", product: { name: "glibc-devel-2.34-1.2.s390x", product_id: "glibc-devel-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-devel-static-2.34-1.2.s390x", product: { name: "glibc-devel-static-2.34-1.2.s390x", product_id: "glibc-devel-static-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-extra-2.34-1.2.s390x", product: { name: "glibc-extra-2.34-1.2.s390x", product_id: "glibc-extra-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-html-2.34-1.2.s390x", product: { name: "glibc-html-2.34-1.2.s390x", product_id: "glibc-html-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-i18ndata-2.34-1.2.s390x", product: { name: "glibc-i18ndata-2.34-1.2.s390x", product_id: "glibc-i18ndata-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-info-2.34-1.2.s390x", product: { name: "glibc-info-2.34-1.2.s390x", product_id: "glibc-info-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-lang-2.34-1.2.s390x", product: { name: "glibc-lang-2.34-1.2.s390x", product_id: "glibc-lang-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-locale-2.34-1.2.s390x", product: { name: "glibc-locale-2.34-1.2.s390x", product_id: "glibc-locale-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-locale-base-2.34-1.2.s390x", product: { name: "glibc-locale-base-2.34-1.2.s390x", product_id: "glibc-locale-base-2.34-1.2.s390x", }, }, { category: "product_version", name: "glibc-profile-2.34-1.2.s390x", product: { name: "glibc-profile-2.34-1.2.s390x", product_id: "glibc-profile-2.34-1.2.s390x", }, }, { category: "product_version", name: "nscd-2.34-1.2.s390x", product: { name: "nscd-2.34-1.2.s390x", product_id: "nscd-2.34-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "glibc-2.34-1.2.x86_64", product: { name: "glibc-2.34-1.2.x86_64", product_id: "glibc-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-devel-2.34-1.2.x86_64", product: { name: "glibc-devel-2.34-1.2.x86_64", product_id: "glibc-devel-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-devel-static-2.34-1.2.x86_64", product: { name: "glibc-devel-static-2.34-1.2.x86_64", product_id: "glibc-devel-static-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-extra-2.34-1.2.x86_64", product: { name: "glibc-extra-2.34-1.2.x86_64", product_id: "glibc-extra-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-html-2.34-1.2.x86_64", product: { name: "glibc-html-2.34-1.2.x86_64", product_id: "glibc-html-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-i18ndata-2.34-1.2.x86_64", product: { name: "glibc-i18ndata-2.34-1.2.x86_64", product_id: "glibc-i18ndata-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-info-2.34-1.2.x86_64", product: { name: "glibc-info-2.34-1.2.x86_64", product_id: "glibc-info-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-lang-2.34-1.2.x86_64", product: { name: "glibc-lang-2.34-1.2.x86_64", product_id: "glibc-lang-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-locale-2.34-1.2.x86_64", product: { name: "glibc-locale-2.34-1.2.x86_64", product_id: "glibc-locale-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-locale-base-2.34-1.2.x86_64", product: { name: "glibc-locale-base-2.34-1.2.x86_64", product_id: "glibc-locale-base-2.34-1.2.x86_64", }, }, { category: "product_version", name: "glibc-profile-2.34-1.2.x86_64", product: { name: "glibc-profile-2.34-1.2.x86_64", product_id: "glibc-profile-2.34-1.2.x86_64", }, }, { category: "product_version", name: "nscd-2.34-1.2.x86_64", product: { name: "nscd-2.34-1.2.x86_64", product_id: "nscd-2.34-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "glibc-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", }, product_reference: "glibc-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", }, product_reference: "glibc-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", }, product_reference: "glibc-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", }, product_reference: "glibc-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", }, product_reference: "glibc-devel-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", }, product_reference: "glibc-devel-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", }, product_reference: "glibc-devel-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", }, product_reference: "glibc-devel-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-static-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", }, product_reference: "glibc-devel-static-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-static-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", }, product_reference: "glibc-devel-static-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-static-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", }, product_reference: "glibc-devel-static-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-devel-static-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", }, product_reference: "glibc-devel-static-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-extra-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", }, product_reference: "glibc-extra-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-extra-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", }, product_reference: "glibc-extra-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-extra-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", }, product_reference: "glibc-extra-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-extra-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", }, product_reference: "glibc-extra-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-html-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", }, product_reference: "glibc-html-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-html-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", }, product_reference: "glibc-html-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-html-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", }, product_reference: "glibc-html-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-html-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", }, product_reference: "glibc-html-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-i18ndata-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", }, product_reference: "glibc-i18ndata-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-i18ndata-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", }, product_reference: "glibc-i18ndata-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-i18ndata-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", }, product_reference: "glibc-i18ndata-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-i18ndata-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", }, product_reference: "glibc-i18ndata-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-info-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", }, product_reference: "glibc-info-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-info-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", }, product_reference: "glibc-info-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-info-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", }, product_reference: "glibc-info-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-info-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", }, product_reference: "glibc-info-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-lang-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", }, product_reference: "glibc-lang-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-lang-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", }, product_reference: "glibc-lang-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-lang-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", }, product_reference: "glibc-lang-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-lang-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", }, product_reference: "glibc-lang-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", }, product_reference: "glibc-locale-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", }, product_reference: "glibc-locale-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", }, product_reference: "glibc-locale-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", }, product_reference: "glibc-locale-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-base-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", }, product_reference: "glibc-locale-base-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-base-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", }, product_reference: "glibc-locale-base-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-base-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", }, product_reference: "glibc-locale-base-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-locale-base-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", }, product_reference: "glibc-locale-base-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", }, product_reference: "glibc-profile-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", }, product_reference: "glibc-profile-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", }, product_reference: "glibc-profile-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "glibc-profile-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", }, product_reference: "glibc-profile-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nscd-2.34-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", }, product_reference: "nscd-2.34-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nscd-2.34-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", }, product_reference: "nscd-2.34-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nscd-2.34-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", }, product_reference: "nscd-2.34-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nscd-2.34-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", }, product_reference: "nscd-2.34-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2009-5064", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-5064", }, ], notes: [ { category: "general", text: "** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states \"This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-5064", url: "https://www.suse.com/security/cve/CVE-2009-5064", }, { category: "external", summary: "SUSE Bug 677787 for CVE-2009-5064", url: "https://bugzilla.suse.com/677787", }, { category: "external", summary: "SUSE Bug 684385 for CVE-2009-5064", url: "https://bugzilla.suse.com/684385", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-5064", }, { cve: "CVE-2009-5155", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-5155", }, ], notes: [ { category: "general", text: "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-5155", url: "https://www.suse.com/security/cve/CVE-2009-5155", }, { category: "external", summary: "SUSE Bug 1127223 for CVE-2009-5155", url: "https://bugzilla.suse.com/1127223", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2009-5155", }, { cve: "CVE-2010-3192", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-3192", }, ], notes: [ { category: "general", text: "Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-3192", url: "https://www.suse.com/security/cve/CVE-2010-3192", }, { category: "external", summary: "SUSE Bug 636113 for CVE-2010-3192", url: "https://bugzilla.suse.com/636113", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-3192", }, { cve: "CVE-2015-5180", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5180", }, ], notes: [ { category: "general", text: "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5180", url: "https://www.suse.com/security/cve/CVE-2015-5180", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-5180", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 1215582 for CVE-2015-5180", url: "https://bugzilla.suse.com/1215582", }, { category: "external", summary: "SUSE Bug 941234 for CVE-2015-5180", url: "https://bugzilla.suse.com/941234", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5180", }, { cve: "CVE-2016-10228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10228", }, ], notes: [ { category: "general", text: "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10228", url: "https://www.suse.com/security/cve/CVE-2016-10228", }, { category: "external", summary: "SUSE Bug 1027496 for CVE-2016-10228", url: "https://bugzilla.suse.com/1027496", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2016-10228", url: "https://bugzilla.suse.com/1123874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-10228", }, { cve: "CVE-2016-10739", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10739", }, ], notes: [ { category: "general", text: "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10739", url: "https://www.suse.com/security/cve/CVE-2016-10739", }, { category: "external", summary: "SUSE Bug 1122729 for CVE-2016-10739", url: "https://bugzilla.suse.com/1122729", }, { category: "external", summary: "SUSE Bug 1155094 for CVE-2016-10739", url: "https://bugzilla.suse.com/1155094", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10739", }, { cve: "CVE-2016-6261", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-6261", }, ], notes: [ { category: "general", text: "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-6261", url: "https://www.suse.com/security/cve/CVE-2016-6261", }, { category: "external", summary: "SUSE Bug 1118435 for CVE-2016-6261", url: "https://bugzilla.suse.com/1118435", }, { category: "external", summary: "SUSE Bug 1173590 for CVE-2016-6261", url: "https://bugzilla.suse.com/1173590", }, { category: "external", summary: "SUSE Bug 990190 for CVE-2016-6261", url: "https://bugzilla.suse.com/990190", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-6261", }, { cve: "CVE-2016-6323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-6323", }, ], notes: [ { category: "general", text: "The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-6323", url: "https://www.suse.com/security/cve/CVE-2016-6323", }, { category: "external", summary: "SUSE Bug 994359 for CVE-2016-6323", url: "https://bugzilla.suse.com/994359", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-6323", }, { cve: "CVE-2017-1000366", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1000366", }, ], notes: [ { category: "general", text: "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-1000366", url: "https://www.suse.com/security/cve/CVE-2017-1000366", }, { category: "external", summary: "SUSE Bug 1037551 for CVE-2017-1000366", url: "https://bugzilla.suse.com/1037551", }, { category: "external", summary: "SUSE Bug 1039357 for CVE-2017-1000366", url: "https://bugzilla.suse.com/1039357", }, { category: "external", summary: "SUSE Bug 1063847 for CVE-2017-1000366", url: "https://bugzilla.suse.com/1063847", }, { category: "external", summary: "SUSE Bug 1071319 for CVE-2017-1000366", url: "https://bugzilla.suse.com/1071319", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2017-1000366", url: "https://bugzilla.suse.com/1123874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-1000366", }, { cve: "CVE-2017-1000408", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1000408", }, ], notes: [ { category: "general", text: "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-1000408", url: "https://www.suse.com/security/cve/CVE-2017-1000408", }, { category: "external", summary: "SUSE Bug 1039357 for CVE-2017-1000408", url: "https://bugzilla.suse.com/1039357", }, { category: "external", summary: "SUSE Bug 1071319 for CVE-2017-1000408", url: "https://bugzilla.suse.com/1071319", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-1000408", }, { cve: "CVE-2017-12132", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12132", }, ], notes: [ { category: "general", text: "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12132", url: "https://www.suse.com/security/cve/CVE-2017-12132", }, { category: "external", summary: "SUSE Bug 1051791 for CVE-2017-12132", url: "https://bugzilla.suse.com/1051791", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2017-12132", url: "https://bugzilla.suse.com/1123874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-12132", }, { cve: "CVE-2017-12133", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12133", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12133", url: "https://www.suse.com/security/cve/CVE-2017-12133", }, { category: "external", summary: "SUSE Bug 1081556 for CVE-2017-12133", url: "https://bugzilla.suse.com/1081556", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2017-12133", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 980854 for CVE-2017-12133", url: "https://bugzilla.suse.com/980854", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-12133", }, { cve: "CVE-2017-15670", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15670", }, ], notes: [ { category: "general", text: "The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15670", url: "https://www.suse.com/security/cve/CVE-2017-15670", }, { category: "external", summary: "SUSE Bug 1064583 for CVE-2017-15670", url: "https://bugzilla.suse.com/1064583", }, { category: "external", summary: "SUSE Bug 1110160 for CVE-2017-15670", url: "https://bugzilla.suse.com/1110160", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2017-15670", url: "https://bugzilla.suse.com/1123874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-15670", }, { cve: "CVE-2017-16997", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16997", }, ], notes: [ { category: "general", text: "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16997", url: "https://www.suse.com/security/cve/CVE-2017-16997", }, { category: "external", summary: "SUSE Bug 1073231 for CVE-2017-16997", url: "https://bugzilla.suse.com/1073231", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-16997", }, { cve: "CVE-2017-17426", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-17426", }, ], notes: [ { category: "general", text: "The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-17426", url: "https://www.suse.com/security/cve/CVE-2017-17426", }, { category: "external", summary: "SUSE Bug 1071479 for CVE-2017-17426", url: "https://bugzilla.suse.com/1071479", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-17426", }, { cve: "CVE-2017-18269", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-18269", }, ], notes: [ { category: "general", text: "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-18269", url: "https://www.suse.com/security/cve/CVE-2017-18269", }, { category: "external", summary: "SUSE Bug 1094150 for CVE-2017-18269", url: "https://bugzilla.suse.com/1094150", }, { category: "external", summary: "SUSE Bug 1118435 for CVE-2017-18269", url: "https://bugzilla.suse.com/1118435", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-18269", }, { cve: "CVE-2018-1000001", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1000001", }, ], notes: [ { category: "general", text: "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1000001", url: "https://www.suse.com/security/cve/CVE-2018-1000001", }, { category: "external", summary: "SUSE Bug 1074293 for CVE-2018-1000001", url: "https://bugzilla.suse.com/1074293", }, { category: "external", summary: "SUSE Bug 1099047 for CVE-2018-1000001", url: "https://bugzilla.suse.com/1099047", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2018-1000001", url: "https://bugzilla.suse.com/1123874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-1000001", }, { cve: "CVE-2018-11236", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11236", }, ], notes: [ { category: "general", text: "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11236", url: "https://www.suse.com/security/cve/CVE-2018-11236", }, { category: "external", summary: "SUSE Bug 1094161 for CVE-2018-11236", url: "https://bugzilla.suse.com/1094161", }, { category: "external", summary: "SUSE Bug 1110160 for CVE-2018-11236", url: "https://bugzilla.suse.com/1110160", }, { category: "external", summary: "SUSE Bug 1118435 for CVE-2018-11236", url: "https://bugzilla.suse.com/1118435", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2018-11236", url: "https://bugzilla.suse.com/1123874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-11236", }, { cve: "CVE-2018-11237", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11237", }, ], notes: [ { category: "general", text: "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11237", url: "https://www.suse.com/security/cve/CVE-2018-11237", }, { category: "external", summary: "SUSE Bug 1092877 for CVE-2018-11237", url: "https://bugzilla.suse.com/1092877", }, { category: "external", summary: "SUSE Bug 1094154 for CVE-2018-11237", url: "https://bugzilla.suse.com/1094154", }, { category: "external", summary: "SUSE Bug 1118435 for CVE-2018-11237", url: "https://bugzilla.suse.com/1118435", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-11237", }, { cve: "CVE-2018-19591", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-19591", }, ], notes: [ { category: "general", text: "In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-19591", url: "https://www.suse.com/security/cve/CVE-2018-19591", }, { category: "external", summary: "SUSE Bug 1117603 for CVE-2018-19591", url: "https://bugzilla.suse.com/1117603", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-19591", }, { cve: "CVE-2018-6485", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-6485", }, ], notes: [ { category: "general", text: "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-6485", url: "https://www.suse.com/security/cve/CVE-2018-6485", }, { category: "external", summary: "SUSE Bug 1079036 for CVE-2018-6485", url: "https://bugzilla.suse.com/1079036", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2018-6485", url: "https://bugzilla.suse.com/1123874", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-6485", }, { cve: "CVE-2019-19126", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19126", }, ], notes: [ { category: "general", text: "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-19126", url: "https://www.suse.com/security/cve/CVE-2019-19126", }, { category: "external", summary: "SUSE Bug 1157292 for CVE-2019-19126", url: "https://bugzilla.suse.com/1157292", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-19126", }, { cve: "CVE-2019-25013", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-25013", }, ], notes: [ { category: "general", text: "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-25013", url: "https://www.suse.com/security/cve/CVE-2019-25013", }, { category: "external", summary: "SUSE Bug 1182117 for CVE-2019-25013", url: "https://bugzilla.suse.com/1182117", }, { category: "external", summary: "SUSE Bug 1220988 for CVE-2019-25013", url: "https://bugzilla.suse.com/1220988", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-25013", }, { cve: "CVE-2019-7309", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-7309", }, ], notes: [ { category: "general", text: "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-7309", url: "https://www.suse.com/security/cve/CVE-2019-7309", }, { category: "external", summary: "SUSE Bug 1124100 for CVE-2019-7309", url: "https://bugzilla.suse.com/1124100", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-7309", }, { cve: "CVE-2019-9169", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-9169", }, ], notes: [ { category: "general", text: "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-9169", url: "https://www.suse.com/security/cve/CVE-2019-9169", }, { category: "external", summary: "SUSE Bug 1127308 for CVE-2019-9169", url: "https://bugzilla.suse.com/1127308", }, { category: "external", summary: "SUSE Bug 1146392 for CVE-2019-9169", url: "https://bugzilla.suse.com/1146392", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-9169", }, { cve: "CVE-2020-10029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10029", }, ], notes: [ { category: "general", text: "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10029", url: "https://www.suse.com/security/cve/CVE-2020-10029", }, { category: "external", summary: "SUSE Bug 1165784 for CVE-2020-10029", url: "https://bugzilla.suse.com/1165784", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-10029", }, { cve: "CVE-2020-1752", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-1752", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-1752", url: "https://www.suse.com/security/cve/CVE-2020-1752", }, { category: "external", summary: "SUSE Bug 1167631 for CVE-2020-1752", url: "https://bugzilla.suse.com/1167631", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-1752", }, { cve: "CVE-2020-27618", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-27618", }, ], notes: [ { category: "general", text: "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-27618", url: "https://www.suse.com/security/cve/CVE-2020-27618", }, { category: "external", summary: "SUSE Bug 1178386 for CVE-2020-27618", url: "https://bugzilla.suse.com/1178386", }, { category: "external", summary: "SUSE Bug 1220988 for CVE-2020-27618", url: "https://bugzilla.suse.com/1220988", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-27618", }, { cve: "CVE-2020-29562", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-29562", }, ], notes: [ { category: "general", text: "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-29562", url: "https://www.suse.com/security/cve/CVE-2020-29562", }, { category: "external", summary: "SUSE Bug 1179694 for CVE-2020-29562", url: "https://bugzilla.suse.com/1179694", }, { category: "external", summary: "SUSE Bug 1220988 for CVE-2020-29562", url: "https://bugzilla.suse.com/1220988", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-29562", }, { cve: "CVE-2020-29573", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-29573", }, ], notes: [ { category: "general", text: "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-29573", url: "https://www.suse.com/security/cve/CVE-2020-29573", }, { category: "external", summary: "SUSE Bug 1179721 for CVE-2020-29573", url: "https://bugzilla.suse.com/1179721", }, { category: "external", summary: "SUSE Bug 1220988 for CVE-2020-29573", url: "https://bugzilla.suse.com/1220988", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-29573", }, { cve: "CVE-2020-6096", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-6096", }, ], notes: [ { category: "general", text: "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-6096", url: "https://www.suse.com/security/cve/CVE-2020-6096", }, { category: "external", summary: "SUSE Bug 1168425 for CVE-2020-6096", url: "https://bugzilla.suse.com/1168425", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-6096", }, { cve: "CVE-2021-27645", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27645", }, ], notes: [ { category: "general", text: "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27645", url: "https://www.suse.com/security/cve/CVE-2021-27645", }, { category: "external", summary: "SUSE Bug 1182733 for CVE-2021-27645", url: "https://bugzilla.suse.com/1182733", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2021-27645", }, { cve: "CVE-2021-3326", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3326", }, ], notes: [ { category: "general", text: "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3326", url: "https://www.suse.com/security/cve/CVE-2021-3326", }, { category: "external", summary: "SUSE Bug 1181505 for CVE-2021-3326", url: "https://bugzilla.suse.com/1181505", }, { category: "external", summary: "SUSE Bug 1212283 for CVE-2021-3326", url: "https://bugzilla.suse.com/1212283", }, { category: "external", summary: "SUSE Bug 1220988 for CVE-2021-3326", url: "https://bugzilla.suse.com/1220988", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3326", }, { cve: "CVE-2021-33574", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-33574", }, ], notes: [ { category: "general", text: "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-33574", url: "https://www.suse.com/security/cve/CVE-2021-33574", }, { category: "external", summary: "SUSE Bug 1186489 for CVE-2021-33574", url: "https://bugzilla.suse.com/1186489", }, { category: "external", summary: "SUSE Bug 1189426 for CVE-2021-33574", url: "https://bugzilla.suse.com/1189426", }, { category: "external", summary: "SUSE Bug 1192788 for CVE-2021-33574", url: "https://bugzilla.suse.com/1192788", }, { category: "external", summary: "SUSE Bug 1196766 for CVE-2021-33574", url: "https://bugzilla.suse.com/1196766", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:glibc-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-devel-static-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-extra-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-html-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-html-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-html-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-i18ndata-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-info-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-info-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-info-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-lang-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-locale-base-2.34-1.2.x86_64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.aarch64", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.ppc64le", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.s390x", "openSUSE Tumbleweed:glibc-profile-2.34-1.2.x86_64", "openSUSE Tumbleweed:nscd-2.34-1.2.aarch64", "openSUSE Tumbleweed:nscd-2.34-1.2.ppc64le", "openSUSE Tumbleweed:nscd-2.34-1.2.s390x", "openSUSE Tumbleweed:nscd-2.34-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-33574", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.