var-201602-0004
Vulnerability from variot
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. glibc's send_dg() and send_vc() contain a stack-based buffer overflow vulnerability. A remote attacker could execute arbitrary code or cause a denial of service (DoS). GNU glibc is an open source C library released under the LGPL license; it is an implementation of the C library in the Linux operating system.
There is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can exploit the vulnerability against a Linux host or related devices by operating a malicious DNS service or by mounting a man-in-the-middle attack, resulting in remote code execution and control of the user's terminal.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: glibc security and bug fix update
Advisory ID: RHSA-2016:0175-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0175.html
Issue date: 2016-02-16
CVE Names: CVE-2015-7547
=====================================================================
- Summary:
Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)
This issue was discovered by the Google Security Team and Red Hat.
This update also fixes the following bugs:
- The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with "dlopen: cannot load any more object with static TLS" should now start up correctly. (BZ#1291270)
- A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625)
All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: glibc-2.12-1.166.el6_7.7.src.rpm
i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm
x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm
x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: glibc-2.12-1.166.el6_7.7.src.rpm
x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: glibc-2.12-1.166.el6_7.7.src.rpm
i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm
ppc64: glibc-2.12-1.166.el6_7.7.ppc.rpm glibc-2.12-1.166.el6_7.7.ppc64.rpm glibc-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-devel-2.12-1.166.el6_7.7.ppc.rpm glibc-devel-2.12-1.166.el6_7.7.ppc64.rpm glibc-headers-2.12-1.166.el6_7.7.ppc64.rpm glibc-utils-2.12-1.166.el6_7.7.ppc64.rpm nscd-2.12-1.166.el6_7.7.ppc64.rpm
s390x: glibc-2.12-1.166.el6_7.7.s390.rpm glibc-2.12-1.166.el6_7.7.s390x.rpm glibc-common-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm glibc-devel-2.12-1.166.el6_7.7.s390.rpm glibc-devel-2.12-1.166.el6_7.7.s390x.rpm glibc-headers-2.12-1.166.el6_7.7.s390x.rpm glibc-utils-2.12-1.166.el6_7.7.s390x.rpm nscd-2.12-1.166.el6_7.7.s390x.rpm
x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm
ppc64: glibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-static-2.12-1.166.el6_7.7.ppc.rpm glibc-static-2.12-1.166.el6_7.7.ppc64.rpm
s390x: glibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm glibc-static-2.12-1.166.el6_7.7.s390.rpm glibc-static-2.12-1.166.el6_7.7.s390x.rpm
x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: glibc-2.12-1.166.el6_7.7.src.rpm
i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm
x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm
x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7547
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/2161461
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
- Upgrade HP OneView to patch version 2.00.07.
- HP StoreVirtual VSA Software 12.6
- HP StoreVirtual 4130 600GB SAS Storage 12.6
- HP StoreVirtual 4130 600GB China SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6
- HP StoreVirtual 4330 450GB SAS Storage 12.6
- HP StoreVirtual 4330 900GB SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6
- HP StoreVirtual 4330 450GB China SAS Storage 12.6
- HP StoreVirtual 4330 900GB China SAS Storage 12.6
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 450GB SAS Storage 12.6
- HP StoreVirtual 4530 600GB SAS Storage 12.6
- HP StoreVirtual 4630 900GB SAS Storage 12.6
- HP StoreVirtual 4730 600GB SAS Storage 12.6
- HP StoreVirtual 4730 900GB SAS Storage 12.6
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4335 China Hybrid Storage 12.6
- HP StoreVirtual 4335 Hybrid Storage 12.6
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6
- HP StoreVirtual 4130 600GB China SAS Storage 12.6
- HP StoreVirtual 4130 600GB SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 450GB China SAS Storage 12.6
- HP StoreVirtual 4330 450GB SAS Storage 12.6
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 900GB China SAS Storage 12.6
- HP StoreVirtual 4330 900GB SAS Storage 12.6
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6
- HP StoreVirtual 4335 China Hybrid Storage 12.6
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6
- HP StoreVirtual 4335 Hybrid Storage 12.6
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6
- HP StoreVirtual 4530 450GB SAS Storage 12.6
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 600GB SAS Storage 12.6
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4630 900GB SAS Storage 12.6
- HP StoreVirtual 4730 600GB SAS Storage 12.6
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4730 900GB SAS Storage 12.6
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-7547
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates available to resolve the vulnerability with glibc for all of the impacted HPE StoreVirtual products.
- LeftHand OS 12.6 - patch 56001
- LeftHand OS 12.5 - patch 55015
Notes:
- These patches will upgrade glibc to 2.12-1.166 to resolve this issue.
============================================================================
Ubuntu Security Notice USN-2900-1
February 16, 2016
eglibc, glibc vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
GNU C Library could be made to crash or run programs if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libc6 2.21-0ubuntu4.1
Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7
Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13
After a standard system update you need to reboot your computer to make all the necessary changes.
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04989404 Version: 1
HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-02-18 Last Updated: 2016-02-18
Potential Security Impact: Remote Arbitrary Code Execution
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code.
- Helion Eucalyptus Node Controller (NC) components are confirmed to be affected by the vulnerability. Other Helion Eucalyptus components and pre-bundled service EMIs do not directly expose the vulnerability, but because glibc is a commonly used library on Linux, the exact exposure is hard to determine. Any software performing domain name resolution is potentially vulnerable.
References:
- CVE-2015-7547
- PSRT110035
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE Helion Eucalyptus 4.2.1 and earlier
- HPE Helion Eucalyptus Service EMIs for Load Balancing and Imaging services package "eucalyptus-service-image-1.48-0.87.99" and earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                   Base Score
CVE-2015-7547  (AV:N/AC:H/Au:N/C:N/I:C/A:P)  6.1
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has made the following software updates and workaround information available to resolve the vulnerability with glibc for HPE Helion Eucalyptus.
- All hosts running HPE Helion Eucalyptus services should be upgraded to the latest glibc. Updated glibc packages are available for RHEL and CentOS:
https://access.redhat.com/articles/2161461
RHEL Note: After following the guidelines for RHEL, a reboot is the safest and recommended way to ensure that updates take effect for all services.
- New Helion Eucalyptus Service EMIs will be made available soon in the Eucalyptus software repositories at:
http://downloads.eucalyptus.com/software/eucalyptus/4.2/
Note: This security bulletin will be revised when those updates are available.
Until Helion Eucalyptus EMI updates are available, the following workaround is available to update the instances launched from eucalyptus-service-image-1.48-0.87.99 and earlier to the latest glibc packages.
Workaround:
As a cloud administrator:
1) create an update-glibc script with the following content:
#! /bin/bash
yum update -y glibc
2) set the following cloud properties to use that script on instance start:
euctl services.imaging.worker.init_script=@update-glibc
euctl services.loadbalancing.worker.init_script=@update-glibc
This script will be automatically executed for each of the new instances started from the service image. For instances that are already running, the cloud administrator will need to terminate them and start again for the script to take effect. More specifically, for the Load Balancing service, the cloud admin needs to find all instances running under the "(eucalyptus)loadbalancing" account:
# euare-accountlist | grep loadbalancing
(eucalyptus)loadbalancing <accnt_id>
# euca-describe-instances verbose | grep <accnt_id>
And terminate them using euca-terminate-instances. New updated instances will be started automatically after that.
For the Imaging Service, the imaging worker needs to be terminated and started again:
# esi-manage-stack -a delete imaging
# esi-manage-stack -a create imaging
HISTORY Version:1 (rev.1) - 17 February 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Copyright 2016 Hewlett Packard Enterprise
For HPE Helion OpenStack 1.1.1:
Helion OpenStack 1.1.1 customers should engage with HPE Helion Professional Services via existing support channels to assist with the upgrade.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201602-02
https://security.gentoo.org/
Severity: High
Title: GNU C Library: Multiple vulnerabilities
Date: February 17, 2016
Bugs: #516884, #517082, #521932, #529982, #532874, #538090, #538814, #540070, #541246, #541542, #547296, #552692, #574880
ID: 201602-02
Synopsis
Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-libs/glibc < 2.21-r2 >= 2.21-r2
Description
Multiple vulnerabilities have been discovered in the GNU C Library:
- The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547).
- The strftime() function accesses invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776).
- An integer overflow was found in the __hcreate_r() function (CVE-2015-8778).
- Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779).
Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information.
Workaround
A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below.
Resolution
All GNU C Library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.21-r2"
It is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package.
Note: Should you run into compilation failures while updating, please see bug 574948.
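The advisories above recommend a reboot because a process keeps the old library mapped until it restarts. The following added example (not part of any of the quoted advisories) lists processes that still map a replaced copy of libc, libresolv or libnss_dns. It assumes the Linux /proc/<pid>/maps layout and that the package update unlinked the old library file; the function names and the sample maps data are constructed for illustration.

```bash
#!/bin/bash
# Added example, not code from the advisories.
# Assumption: in /proc/<pid>/maps, field 6 is the mapped path and the kernel
# appends "(deleted)" once the backing file has been unlinked, as happens when
# a package update replaces the library on disk.

# stale_glibc_pids [PROC_ROOT]   (hypothetical helper name)
# Prints "PID PATH" once per process and library for every mapping of libc,
# libresolv or libnss_dns whose on-disk file is gone.
stale_glibc_pids() {
    local proc_root="${1:-/proc}" maps pid
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # unreadable or already exited
        pid="${maps%/maps}"
        pid="${pid##*/}"
        # [-.] after the name keeps libcrypto, libcap and similar out.
        awk -v pid="$pid" '
            $7 == "(deleted)" && $6 ~ "/(libc|libresolv|libnss_dns)[-.][^/]*$" {
                if (!seen[$6]++) print pid, $6
            }' "$maps" 2>/dev/null || continue
    done
}

# build_sample_proc DIR   (hypothetical helper name)
# Writes a constructed two-process /proc tree: PID 1201 started before the
# update, PID 1305 started after it.
build_sample_proc() {
    mkdir -p "$1/1201" "$1/1305"
    cat > "$1/1201/maps" <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 131 /usr/sbin/exampled
7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 2049 /lib64/libc-2.12.so (deleted)
7f3a1c38a000-7f3a1c38e000 rw-p 0018a000 fd:00 2049 /lib64/libc-2.12.so (deleted)
7f3a1c600000-7f3a1c616000 r-xp 00000000 fd:00 2061 /lib64/libresolv-2.12.so (deleted)
7f3a1c900000-7f3a1c905000 r-xp 00000000 fd:00 2057 /lib64/libnss_dns-2.12.so (deleted)
7ffd2a1e0000-7ffd2a201000 rw-p 00000000 00:00 0 [stack]
EOF
    cat > "$1/1305/maps" <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 131 /usr/sbin/exampled
7f91d0000000-7f91d018a000 r-xp 00000000 fd:00 3310 /lib64/libc-2.12.so
7f91d0600000-7f91d0616000 r-xp 00000000 fd:00 3322 /lib64/libresolv-2.12.so
7f91d0a00000-7f91d0bb0000 r-xp 00000000 fd:00 2090 /usr/lib64/libcrypto.so.10 (deleted)
7f91d0e00000-7f91d0e01000 rw-s 00000000 fd:00 4001 /tmp/cache.db (deleted)
EOF
}

# Demo on the constructed tree; call stale_glibc_pids with no argument to
# inspect the live system instead.
sample_dir=$(mktemp -d)
build_sample_proc "$sample_dir"
stale_glibc_pids "$sample_dir"
rm -rf "$sample_dir"
```

Run it as root so every process's maps file is readable; any PID it lists is still executing the pre-update resolver code and must be restarted.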
References
[ 1 ] CVE-2013-7423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423
[ 2 ] CVE-2014-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475
[ 3 ] CVE-2014-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475
[ 4 ] CVE-2014-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119
[ 5 ] CVE-2014-6040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040
[ 6 ] CVE-2014-7817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817
[ 7 ] CVE-2014-8121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121
[ 8 ] CVE-2014-9402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402
[ 9 ] CVE-2015-1472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472
[ 10 ] CVE-2015-1781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781
[ 11 ] CVE-2015-7547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547
[ 12 ] CVE-2015-8776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776
[ 13 ] CVE-2015-8778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778
[ 14 ] CVE-2015-8779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779
[ 15 ] Google Online Security Blog: "CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow" https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201602-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
"vendor": "oracle", "version": "2290 (fujitsu m10-1/m10-4/m10-4s server )" }, { "model": "clusterpro", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "linux edition ver6.1" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "linux edition ver7.0" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "linux edition ver7.1" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "linux edition ver8.0 (red hat enterprise linux 6 and 7)" }, { "model": "enterpriseidentitymanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "linux edition ver4.1" }, { "model": "enterpriseidentitymanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "linux edition ver5.0" }, { "model": "enterpriseidentitymanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "linux edition ver5.1" }, { "model": "enterpriseidentitymanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "linux edition ver8.0 (red hat enterprise linux 6 and 7)" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", 
"version": "v7.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "hs series v5.0.0 to v5.0.3" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "m/d/s/a/e series" }, { "model": "mailshooter", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": null }, { "model": "simpwright", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "-v6" }, { "model": "simpwright", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "-v7" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.5 ~ v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.5 ~ v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.5 ~ v9.4" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(for corba application) v8.5 ~ v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.5 ~ v9.3" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v9.1 ~ v9.3" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "jobcenter r14.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "jobcenter r14.2" }, { "model": "websam assetsuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": null }, { "model": "glibc", "scope": "gt", "trust": 0.6, 
"vendor": "gnu", "version": "2.9" }, { "model": "ape", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "basic rt", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v13" }, { "model": "rox ii os", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v2.3.0\u003c=v2.9.0" }, { "model": "scalance m-800 s615", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "/" }, { "model": "sinema remote connect", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01100" }, { "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "db": "NVD", "id": "CVE-2015-7547" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:server_migration_pack:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:helion_openstack:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.319:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.355:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:oracle:fujitsu_m10_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2290", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, 
{ "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-7547" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "137497" }, { "db": "PACKETSTORM", "id": "138068" }, { "db": "PACKETSTORM", "id": "137112" }, { "db": "PACKETSTORM", "id": "135853" }, { "db": "PACKETSTORM", "id": "136988" }, { "db": "PACKETSTORM", "id": "136048" } ], "trust": 0.6 }, "cve": "CVE-2015-7547", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-7547", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CNVD-2016-01100", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-85508", 
"impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2015-7547", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-7547", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2016-01100", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-85508", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01100" }, { "db": "VULHUB", "id": "VHN-85508" }, { "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "db": "NVD", "id": "CVE-2015-7547" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to 
the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module. glibc contains a buffer overflow vulnerability. A stack-based buffer overflow vulnerability exists in glibc due to the processing in send_dg() and send_vc(). A remote attacker could execute arbitrary code or disrupt service operations (DoS). GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. \n\nThere is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and allows control of the user terminal to be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: glibc security and bug fix update\nAdvisory ID: RHSA-2016:0175-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0175.html\nIssue date: 2016-02-16\nCVE Names: CVE-2015-7547 \n=====================================================================\n\n1. Summary:\n\nUpdated glibc packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 
6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nA stack-based buffer overflow was found in the way the libresolv library\nperformed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the\nnss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat. \n\nThis update also fixes the following bugs:\n\n* The dynamic loader has been enhanced to allow the loading of more shared\nlibraries that make use of static thread local storage. While static thread\nlocal storage is the fastest access mechanism it may also prevent the\nshared library from being loaded at all since the static storage space is a\nlimited and shared process-global resource. Applications which would\npreviously fail with \"dlopen: cannot load any more object with static TLS\"\nshould now start up correctly. (BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or\ncertain timer API calls to fail and return errors in the presence of large\nthread-local storage data that exceeded PTHREAD_STACK_MIN in size\n(generally 16 KiB). The bug in librt has been corrected and the impacted\nAPIs no longer return errors when large thread-local storage data is\npresent in the application. 
(BZ#1301625)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nglibc-2.12-1.166.el6_7.7.src.rpm\n\ni386:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-headers-2.12-1.166.el6_7.7.i686.rpm\nglibc-utils-2.12-1.166.el6_7.7.i686.rpm\nnscd-2.12-1.166.el6_7.7.i686.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.7.x86_64.rpm\nnscd-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 
6):\n\nSource:\nglibc-2.12-1.166.el6_7.7.src.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.7.x86_64.rpm\nnscd-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nglibc-2.12-1.166.el6_7.7.src.rpm\n\ni386:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-headers-2.12-1.166.el6_7.7.i686.rpm\nglibc-utils-2.12-1.166.el6_7.7.i686.rpm\nnscd-2.12-1.166.el6_7.7.i686.rpm\n\nppc64:\nglibc-2.12-1.166.el6_7.7.ppc.rpm\nglibc-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-common-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-devel-2.12-1.166.el6_7.7.ppc.rpm\nglibc-devel-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-headers-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-utils-2.12-1.166.el6_7.7.ppc64.rpm\nnscd-2.12-1.166.el6_7.7.ppc64.rpm\n\ns390x:\nglibc-2.12-1.166.el6_7.7.s390.rpm\nglibc-2.12-1.166.el6_7.7.s390x.rpm\nglibc-common-2.12-1.166.el6_7.7.s390x
.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm\nglibc-devel-2.12-1.166.el6_7.7.s390.rpm\nglibc-devel-2.12-1.166.el6_7.7.s390x.rpm\nglibc-headers-2.12-1.166.el6_7.7.s390x.rpm\nglibc-utils-2.12-1.166.el6_7.7.s390x.rpm\nnscd-2.12-1.166.el6_7.7.s390x.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.7.x86_64.rpm\nnscd-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\n\nppc64:\nglibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-static-2.12-1.166.el6_7.7.ppc.rpm\nglibc-static-2.12-1.166.el6_7.7.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm\nglibc-static-2.12-1.166.el6_7.7.s390.rpm\nglibc-static-2.12-1.166.el6_7.7.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7
.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nglibc-2.12-1.166.el6_7.7.src.rpm\n\ni386:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-headers-2.12-1.166.el6_7.7.i686.rpm\nglibc-utils-2.12-1.166.el6_7.7.i686.rpm\nnscd-2.12-1.166.el6_7.7.i686.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.7.x86_64.rpm\nnscd-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7547\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/articles/2161461\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWw0gnXlSAg2UNWIIRAgp4AJ9BIF6YHY/UoQcUvkEfqPbxa4+G6wCgouQY\naOCbFFx87AiVZnfSlGYcLjI=\n=tRjT\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n - Upgrade HP OneView to patch version 2.00.07. \n\n - HP StoreVirtual VSA Software 12.6\n - HP StoreVirtual 4130 600GB SAS Storage 12.6\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6\n - HP StoreVirtual 4330 450GB SAS Storage 12.6\n - HP StoreVirtual 4330 900GB SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 450GB SAS Storage 12.6\n - HP StoreVirtual 4530 600GB SAS Storage 12.6\n - HP StoreVirtual 4630 900GB SAS Storage 12.6\n - HP StoreVirtual 4730 600GB SAS Storage 12.6\n - HP StoreVirtual 4730 900GB SAS Storage 12.6\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4335 China Hybrid Storage 12.6\n - HP StoreVirtual 4335 Hybrid Storage 12.6\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6\n - HP StoreVirtual 4130 600GB SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6\n - HP 
StoreVirtual 4330 1TB MDL SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6\n - HP StoreVirtual 4330 450GB SAS Storage 12.6\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6\n - HP StoreVirtual 4330 900GB SAS Storage 12.6\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6\n - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6\n - HP StoreVirtual 4335 China Hybrid Storage 12.6\n - HP StoreVirtual 4335 Hybrid SAN Solution 12.6\n - HP StoreVirtual 4335 Hybrid Storage 12.6\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4530 450GB SAS Storage 12.6\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 600GB SAS Storage 12.6\n - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4630 900GB SAS Storage 12.6\n - HP StoreVirtual 4730 600GB SAS Storage 12.6\n - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4730 900GB SAS Storage 12.6\n - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2015-7547\n 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI\nd=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerability with glibc for all of the impacted HPE StoreVirtual products. 
\n\n - LeftHand OS 12.6 - patch 56001\n - LeftHand OS 12.5 - patch 55015\n\n **Notes:**\n\n - These patches will upgrade glibc to 2.12-1.166 to resolve this issue. ============================================================================\nUbuntu Security Notice USN-2900-1\nFebruary 16, 2016\n\neglibc, glibc vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nGNU C Library could be made to crash or run programs if it received\nspecially crafted network traffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libc6 2.21-0ubuntu4.1\n\nUbuntu 14.04 LTS:\n libc6 2.19-0ubuntu6.7\n\nUbuntu 12.04 LTS:\n libc6 2.15-0ubuntu10.13\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04989404\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04989404\nVersion: 1\n\nHPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion\nEucalyptus Components using glibc, Remote Arbitrary Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-02-18\nLast Updated: 2016-02-18\n\nPotential Security Impact: Remote Arbitrary Code Execution\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in glibc has been addressed with HPE Helion\nEucalyptus Node Controller and other Helion Eucalyptus components. The\nvulnerability could be exploited remotely resulting in arbitrary execution of\ncode. 
\n\n - Helion Eucalyptus Node Controller (NC) components are confirmed to be\naffected by the vulnerability. Other Helion Eucalyptus components and\npre-bundled service EMIs do not directly expose the vulnerability, but\nbecause glibc is a commonly used library on Linux, the exact exposure is hard\nto determine. Any software performing domain name resolution is potentially\nvulnerable. \n\nReferences:\n\n - CVE-2015-7547\n - PSRT110035\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE Helion Eucalyptus 4.2.1 and earlier\n\n - HPE Helion Eucalyptus Service EMIs for Load Balancing and Imaging services\npackage \"eucalyptus-service-image-1.48-0.87.99\" and earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-7547 (AV:N/AC:H/Au:N/C:N/I:C/A:P) 6.1\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has made the following software updates and workaround information\navailable to resolve the vulnerability with glibc for HPE Helion Eucalyptus. \n\n+ All hosts running HPE Helion Eucalyptus services should be upgraded to the\nlatest glibc. Updated glibc packages are available for RHEL and CentOS:\n\n https://access.redhat.com/articles/2161461\n\n **RHEL Note:** After following the guidelines for RHEL, a reboot is the\nsafest and recommended way to ensure that updates take effect for all\nservices. \n\n+ New Helion Eucalyptus Service EMIs will be made available soon in the\nEucalyptus software repositories at:\n\n http://downloads.eucalyptus.com/software/eucalyptus/4.2/\n\n **Note:** This security bulletin will be revised when those updates are\navailable. 
\n\nUntil Helion Eucalyptus EMI updates are available, the following workaround\nis available to update the instances launched from\neucalyptus-service-image-1.48-0.87.99 and earlier to the latest glibc\npackages. \n\n**Workaround:**\n\n As a cloud administrator:\n\n 1) create an update-glibc script with the following content:\n\n #! /bin/bash\n yum update -y glibc\n\n 2) set the following cloud properties to use that script on instance start:\n\n euctl services.imaging.worker.init_script=@update-glibc\n euctl services.loadbalancing.worker.init_script=@update-glibc\n\n This script will be automatically executed for each of the new instances\nstarted from the service image. For instances that are already\nrunning, the cloud administrator will need to terminate them and start again\nfor the script to take effect. More specifically, for the Load Balancing\nservice, the cloud admin needs to find all instances running under the\n\"(eucalyptus)loadbalancing\" account:\n\n # euare-accountlist | grep loadbalancing\n (eucalyptus)loadbalancing \u003caccnt_id\u003e\n\n # euca-describe-instances verbose | grep \u003caccnt_id\u003e\n\n And terminate them using euca-terminate-instances. New updated instances\nwill be started automatically after that. \n\n For the Imaging Service, the imaging worker needs to be terminated and\nstarted again:\n\n # esi-manage-stack -a delete imaging\n # esi-manage-stack -a create imaging\n\nHISTORY\nVersion:1 (rev.1) - 17 February 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. 
\n\nCopyright 2016 Hewlett Packard Enterprise\n\nFor HPE Helion OpenStack 1.1.1:\n\nHelion OpenStack 1.1.1 customers should engage with HPE Helion Professional\nServices via existing support channels to assist with the upgrade. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201602-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: GNU C Library: Multiple vulnerabilities\n Date: February 17, 2016\n Bugs: #516884, #517082, #521932, #529982, #532874, #538090,\n #538814, #540070, #541246, #541542, #547296, #552692, #574880\n ID: 201602-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the GNU C library, the\nworst allowing for remote execution of arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 sys-libs/glibc \u003c 2.21-r2 \u003e= 2.21-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the GNU C Library:\n\n* The Google Security Team and Red Hat discovered a stack-based buffer\n overflow in the send_dg() and send_vc() functions due to a buffer\n mismanagement when getaddrinfo() is called with AF_UNSPEC\n (CVE-2015-7547). \n* The strftime() function accesses invalid memory when passed\n out-of-range data, resulting in a crash (CVE-2015-8776). \n* An integer overflow was found in the __hcreate_r() function\n (CVE-2015-8778). \n* Multiple unbounded stack allocations were found in the catopen()\n function (CVE-2015-8779). \n\nPlease review the CVEs referenced below for additional vulnerabilities\nthat had already been fixed in previous versions of sys-libs/glibc, for\nwhich we have not issued a GLSA before. The other vulnerabilities can possibly be\nexploited to cause a Denial of Service or leak information. 
\n\nWorkaround\n==========\n\nA number of mitigating factors for CVE-2015-7547 have been identified. \nPlease review the upstream advisory and references below. \n\nResolution\n==========\n\nAll GNU C Library users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-libs/glibc-2.21-r2\"\n\nIt is important to ensure that no running process uses the old glibc\nanymore. The easiest way to achieve that is by rebooting the machine\nafter updating the sys-libs/glibc package. \n\nNote: Should you run into compilation failures while updating, please\nsee bug 574948. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-7423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423\n[ 2 ] CVE-2014-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475\n[ 3 ] CVE-2014-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475\n[ 4 ] CVE-2014-5119\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119\n[ 5 ] CVE-2014-6040\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040\n[ 6 ] CVE-2014-7817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817\n[ 7 ] CVE-2014-8121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121\n[ 8 ] CVE-2014-9402\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402\n[ 9 ] CVE-2015-1472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472\n[ 10 ] CVE-2015-1781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781\n[ 11 ] CVE-2015-7547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547\n[ 12 ] CVE-2015-8776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776\n[ 13 ] CVE-2015-8778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778\n[ 14 ] CVE-2015-8779\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779\n[ 15 ] Google Online Security Blog: \"CVE-2015-7547: glibc getaddrinfo\n stack-based buffer overflow\"\n\nhttps://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security 
Website:\n\n https://security.gentoo.org/glsa/201602-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2015-7547" }, { "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "db": "CNVD", "id": "CNVD-2016-01100" }, { "db": "VULHUB", "id": "VHN-85508" }, { "db": "PACKETSTORM", "id": "135789" }, { "db": "PACKETSTORM", "id": "137497" }, { "db": "PACKETSTORM", "id": "138068" }, { "db": "PACKETSTORM", "id": "137112" }, { "db": "PACKETSTORM", "id": "135801" }, { "db": "PACKETSTORM", "id": "135853" }, { "db": "PACKETSTORM", "id": "136988" }, { "db": "PACKETSTORM", "id": "136048" }, { "db": "PACKETSTORM", "id": "135810" } ], "trust": 3.06 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-85508", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-85508" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-7547", "trust": 3.4 }, { "db": "CERT/CC", "id": "VU#457759", "trust": 1.9 }, { "db": "ICS CERT", "id": 
"ICSA-16-103-01", "trust": 1.9 }, { "db": "BID", "id": "83265", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "39454", "trust": 1.1 }, { "db": "EXPLOIT-DB", "id": "40339", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10150", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "167552", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "164014", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "135802", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "154361", "trust": 1.1 }, { "db": "SECTRACK", "id": "1035020", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA40161", "trust": 1.1 }, { "db": "TENABLE", "id": "TRA-2017-08", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU97236594", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001419", "trust": 0.8 }, { "db": "SIEMENS", "id": "SSA-301706", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2016-01100", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "137497", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136988", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "138068", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135853", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "137112", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135801", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135789", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136048", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136808", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135971", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135791", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135856", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136976", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136881", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135911", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137351", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136985", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138601", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201602-348", "trust": 
0.1 }, { "db": "SEEBUG", "id": "SSVID-90749", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-85508", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135810", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01100" }, { "db": "VULHUB", "id": "VHN-85508" }, { "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "db": "PACKETSTORM", "id": "135789" }, { "db": "PACKETSTORM", "id": "137497" }, { "db": "PACKETSTORM", "id": "138068" }, { "db": "PACKETSTORM", "id": "137112" }, { "db": "PACKETSTORM", "id": "135801" }, { "db": "PACKETSTORM", "id": "135853" }, { "db": "PACKETSTORM", "id": "136988" }, { "db": "PACKETSTORM", "id": "136048" }, { "db": "PACKETSTORM", "id": "135810" }, { "db": "NVD", "id": "CVE-2015-7547" } ] }, "id": "VAR-201602-0004", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-85508" } ], "trust": 0.8356060666666666 }, "last_update_date": "2024-07-23T20:01:54.898000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Bug 961721", "trust": 0.8, "url": "https://bugzilla.novell.com/show_bug.cgi?id=cve-2015-7547" }, { "title": "CESA-2016:0176 Critical CentOS 7 glibc Security Update", "trust": 0.8, "url": "https://lists.centos.org/pipermail/centos-announce/2016-february/021672.html" }, { "title": "CESA-2016:0175 Critical CentOS 6 glibc Security Update", "trust": 0.8, "url": "https://lists.centos.org/pipermail/centos-announce/2016-february/021668.html" }, { "title": "cisco-sa-20160218-glibc", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160218-glibc" }, { "title": "CVE-2015-7547", "trust": 0.8, "url": 
"https://access.redhat.com/security/cve/cve-2015-7547" }, { "title": "CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).", "trust": 0.8, "url": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca" }, { "title": "HPSBGN03442", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479" }, { "title": "HPSBMU03591", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958" }, { "title": "HPSBGN03547", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404" }, { "title": "HPSBMU03612", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "title": "HPSBGN03549", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367" }, { "title": "HPSBNS03571", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05073516" }, { "title": "HPSBGN03551", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211" }, { "title": "HPSBST03598", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937" }, { "title": "HPSBGN03553", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05176716" }, { "title": "HPSBST03603", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266" }, { "title": "HPSBGN03582", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877" }, { "title": "HPSBGN03597", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672" }, { "title": "HPSBHF03578", "trust": 0.8, "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858" }, { "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831", "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97236594/522154/index.html" }, { "title": "glibc \u306e\u8106\u5f31\u6027(CVE-2015-7547)\u306e\u5f71\u97ff\u3068\u5bfe\u51e6", "trust": 0.8, "url": "http://www.miraclelinux.com/security/cve-2015-7547" }, { "title": "NV16-003", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv16-003.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html" }, { "title": "Bug 1293532", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532" }, { "title": "Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547)", "trust": 0.8, "url": "https://access.redhat.com/articles/2161461" }, { "title": "\u91cd\u5927\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u6b20\u9665: getaddrinfo() \u3067\u306e glibc \u30b9\u30bf\u30c3\u30af\u30d9\u30fc\u30b9\u306e\u30d0\u30c3\u30d5\u30a1\u30fc\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc (CVE-2015-7547)", "trust": 0.8, "url": "https://access.redhat.com/ja/articles/2170311" }, { "title": "\u300cglibc \u306b\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u300d\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn97236594.html" }, { "title": "SOL47098834: glibc vulnerability 
CVE-2015-7547", "trust": 0.8, "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html" }, { "title": "April 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update" }, { "title": "CVE-2015-7547 - Debian Security Tracker", "trust": 0.8, "url": "https://security-tracker.debian.org/tracker/cve-2015-7547" }, { "title": "Bug 18665", "trust": 0.8, "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665" }, { "title": "glibc getaddrinfo Buffer Overflow (CVE-2015-7547)", "trust": 0.8, "url": "http://www.tripwire.com/vert/vert-alert/glibc-getaddrinfo-buffer-overflow-cve-2015-7547/" }, { "title": "TLSA-2016-7", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-7j.html" }, { "title": "CVE-2015-7547 in Ubuntu", "trust": 0.8, "url": "http://people.canonical.com/~ubuntu-security/cve/2015/cve-2015-7547.html" }, { "title": "VMSA-2016-0002", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/vmsa-2016-0002.html" }, { "title": "glibc \u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.iodata.jp/support/information/2016/glibc03/" }, { "title": "glibc\u306e\u8106\u5f31\u6027\u300cCVE-2015-7547\u300d\u306b\u5bfe\u3059\u308b\u5f0a\u793e\u88fd\u54c1\u3067\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://esupport.trendmicro.com/solution/ja-jp/1113566.aspx" }, { "title": "Patch for GNU glibc getaddrinfo () stack buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/71529" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01100" }, { "db": "JVNDB", "id": "JVNDB-2016-001419" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { 
"problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-85508" }, { "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "db": "NVD", "id": "CVE-2015-7547" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.kb.cert.org/vuls/id/457759" }, { "trust": 1.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-103-01" }, { "trust": 1.7, "url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html" }, { "trust": 1.3, "url": "https://access.redhat.com/articles/2161461" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201602-02" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-0175.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1035020" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2019/sep/7" }, { "trust": 1.1, "url": "https://seclists.org/bugtraq/2019/sep/7" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2021/sep/0" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2022/jun/36" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/39454/" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/40339/" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/83265" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3480" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3481" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177412.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0176.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0225.html" }, { "trust": 1.1, "url": 
"http://rhn.redhat.com/errata/rhsa-2016-0277.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html" }, { "trust": 1.1, "url": "http://ubuntu.com/usn/usn-2900-1" }, { "trust": 1.1, "url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-stack-based-buffer-overflow.html" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html" }, { "trust": 1.1, "url": "http://support.citrix.com/article/ctx206991" }, { "trust": 1.1, "url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow" }, { "trust": 1.1, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2016-0002.html" }, { "trust": 1.1, "url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/" }, { "trust": 1.1, "url": 
"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa114" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532" }, { "trust": 1.1, "url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073516" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05176716" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917" }, { "trust": 1.1, "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "trust": 1.1, "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40161" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20160217-0002/" }, { "trust": 1.1, "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665" }, { "trust": 1.1, "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html" }, { "trust": 1.1, "url": "https://support.lenovo.com/us/en/product_security/len_5450" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17" }, { "trust": 1.1, "url": "https://www.tenable.com/security/research/tra-2017-08" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10150" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7547" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2016/at160009.html" }, { "trust": 0.8, 
"url": "https://jprs.jp/tech/security/2016-02-18-glibc-vuln-getaddrinfo.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97236594/index.html" }, { "trust": 0.8, "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7547" }, { "trust": 0.8, "url": "https://googleonlinesecurity.blogspot.jp/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html" }, { "trust": 0.6, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf" }, { "trust": 0.6, "url": "https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html" }, { "trust": 0.6, "url": "https://isc.sans.edu/diary/cve-2015-7547" }, { "trust": 0.6, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.6, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.6, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145690841819314\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145596041017029\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145672440608228\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145857691004892\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=146161017210491\u0026amp;w=2" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10150" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7547" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnu" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2900-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.7" }, { "trust": 0.1, "url": "http://downloads.eucalyptus.com/software/eucalyptus/4.2/" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728" }, { "trust": 0.1, "url": "https://helion.hpwsportal.com" }, { "trust": 0.1, "url": "http://docs.hpcloud.com/#helion/installation/upgrade20_to_212.html" }, { "trust": 0.1, "url": "http://docs.hpcloud.com/#helion/installation/upgrade_to_212.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9402" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-geta=" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8121" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6040" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8778" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1781" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-7817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5119" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8121" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6040" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5119" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1472" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
} ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-01100" }, { "db": "VULHUB", "id": "VHN-85508" }, { "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "db": "PACKETSTORM", "id": "135789" }, { "db": "PACKETSTORM", "id": "137497" }, { "db": "PACKETSTORM", "id": "138068" }, { "db": "PACKETSTORM", "id": "137112" }, { "db": "PACKETSTORM", "id": "135801" }, { "db": "PACKETSTORM", "id": "135853" }, { "db": "PACKETSTORM", "id": "136988" }, { "db": "PACKETSTORM", "id": "136048" }, { "db": "PACKETSTORM", "id": "135810" }, { "db": "NVD", "id": "CVE-2015-7547" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-01100" }, { "db": "VULHUB", "id": "VHN-85508" }, { "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "db": "PACKETSTORM", "id": "135789" }, { "db": "PACKETSTORM", "id": "137497" }, { "db": "PACKETSTORM", "id": "138068" }, { "db": "PACKETSTORM", "id": "137112" }, { "db": "PACKETSTORM", "id": "135801" }, { "db": "PACKETSTORM", "id": "135853" }, { "db": "PACKETSTORM", "id": "136988" }, { "db": "PACKETSTORM", "id": "136048" }, { "db": "PACKETSTORM", "id": "135810" }, { "db": "NVD", "id": "CVE-2015-7547" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-18T00:00:00", "db": "CNVD", "id": "CNVD-2016-01100" }, { "date": "2016-02-18T00:00:00", "db": "VULHUB", "id": "VHN-85508" }, { "date": "2016-02-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "date": "2016-02-16T17:17:25", "db": "PACKETSTORM", "id": "135789" }, { "date": "2016-06-16T15:13:17", "db": "PACKETSTORM", "id": "137497" }, { "date": "2016-07-27T14:25:21", "db": "PACKETSTORM", "id": "138068" }, { "date": "2016-05-18T23:31:21", "db": "PACKETSTORM", "id": "137112" }, { "date": "2016-02-17T01:01:26", "db": "PACKETSTORM", "id": "135801" }, { "date": "2016-02-19T22:33:00", "db": 
"PACKETSTORM", "id": "135853" }, { "date": "2016-05-13T16:14:06", "db": "PACKETSTORM", "id": "136988" }, { "date": "2016-03-03T00:54:17", "db": "PACKETSTORM", "id": "136048" }, { "date": "2016-02-17T23:53:39", "db": "PACKETSTORM", "id": "135810" }, { "date": "2016-02-18T21:59:00.120000", "db": "NVD", "id": "CVE-2015-7547" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2016-01100" }, { "date": "2023-02-12T00:00:00", "db": "VULHUB", "id": "VHN-85508" }, { "date": "2017-07-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001419" }, { "date": "2023-02-12T23:15:36.457000", "db": "NVD", "id": "CVE-2015-7547" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "135789" }, { "db": "PACKETSTORM", "id": "135801" }, { "db": "PACKETSTORM", "id": "135810" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "glibc Buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001419" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "overflow, arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "137497" }, { "db": "PACKETSTORM", "id": "138068" }, { "db": "PACKETSTORM", "id": "137112" }, { "db": "PACKETSTORM", "id": "136048" } ], "trust": 0.4 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.