Security update for glibc

Announcement ID: SUSE-SU-2015:1424-1
Rating: important
References:
Cross-References:
CVSS scores:
Affected Products:
  • SLES for SAP Applications 11-SP3
  • SLES for SAP Applications 11-SP4
  • SUSE Linux Enterprise Desktop 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP4
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 for VMware 11-SP3
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves three vulnerabilities and has seven security fixes can now be installed.

Description:

This update for glibc provides fixes for security and non-security issues.

These security issues have been fixed:

  • CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080)
  • CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257)
  • CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187)
  • Fix read past end of pattern in fnmatch. (bsc#920338)

These non-security issues have been fixed:

  • Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280)
  • Record TTL also for DNS PTR queries. (bsc#928723)
  • Fix invalid free in ld.so. (bsc#932059)
  • Make PowerPC64 default to non-executable stack. (bsc#933770)
  • Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903)
  • Fix bad TEXTREL in glibc.i686. (bsc#935286)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 11 SP3
    zypper in -t patch sledsp3-glibc-12042=1
  • SUSE Linux Enterprise Desktop 11 SP4
    zypper in -t patch sledsp4-glibc-12042=1
  • SUSE Linux Enterprise Server 11 SP3 for VMware 11-SP3
    zypper in -t patch slessp3-glibc-12042=1
  • SUSE Linux Enterprise Server 11 SP3
    zypper in -t patch slessp3-glibc-12042=1
  • SLES for SAP Applications 11-SP3
    zypper in -t patch slessp3-glibc-12042=1
  • SUSE Linux Enterprise Software Development Kit 11 SP3
    zypper in -t patch sdksp3-glibc-12042=1
  • SUSE Linux Enterprise Software Development Kit 11 SP4
    zypper in -t patch sdksp4-glibc-12042=1
  • SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch slessp4-glibc-12042=1
  • SLES for SAP Applications 11-SP4
    zypper in -t patch slessp4-glibc-12042=1

Package List:

  • SUSE Linux Enterprise Desktop 11 SP3 (nosrc x86_64 i686 i586)
    • glibc-2.11.3-17.87.3
  • SUSE Linux Enterprise Desktop 11 SP3 (x86_64 i686 i586)
    • glibc-devel-2.11.3-17.87.3
  • SUSE Linux Enterprise Desktop 11 SP3 (x86_64 i586)
    • glibc-i18ndata-2.11.3-17.87.3
    • nscd-2.11.3-17.87.3
    • glibc-locale-2.11.3-17.87.3
  • SUSE Linux Enterprise Desktop 11 SP3 (x86_64)
    • glibc-32bit-2.11.3-17.87.3
    • glibc-devel-32bit-2.11.3-17.87.3
    • glibc-locale-32bit-2.11.3-17.87.3
  • SUSE Linux Enterprise Desktop 11 SP4 (nosrc x86_64 i686 i586)
    • glibc-2.11.3-17.87.3
  • SUSE Linux Enterprise Desktop 11 SP4 (x86_64 i686 i586)
    • glibc-devel-2.11.3-17.87.3
  • SUSE Linux Enterprise Desktop 11 SP4 (x86_64 i586)
    • glibc-i18ndata-2.11.3-17.87.3
    • nscd-2.11.3-17.87.3
    • glibc-locale-2.11.3-17.87.3
  • SUSE Linux Enterprise Desktop 11 SP4 (x86_64)
    • glibc-32bit-2.11.3-17.87.3
    • glibc-devel-32bit-2.11.3-17.87.3
    • glibc-locale-32bit-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP3 for VMware 11-SP3 (x86_64 i586)
    • glibc-profile-2.11.3-17.87.3
    • glibc-info-2.11.3-17.87.3
    • glibc-locale-2.11.3-17.87.3
    • nscd-2.11.3-17.87.3
    • glibc-2.11.3-17.87.3
    • glibc-html-2.11.3-17.87.3
    • glibc-devel-2.11.3-17.87.3
    • glibc-i18ndata-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP3 for VMware 11-SP3 (x86_64)
    • glibc-profile-32bit-2.11.3-17.87.3
    • glibc-32bit-2.11.3-17.87.3
    • glibc-devel-32bit-2.11.3-17.87.3
    • glibc-locale-32bit-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP3 (s390x x86_64 i586 ppc64 ia64 i686 nosrc)
    • glibc-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP3 (s390x x86_64 i586 ppc64 ia64 i686)
    • glibc-devel-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP3 (s390x x86_64 i586 ppc64 ia64)
    • glibc-profile-2.11.3-17.87.3
    • glibc-info-2.11.3-17.87.3
    • glibc-locale-2.11.3-17.87.3
    • nscd-2.11.3-17.87.3
    • glibc-html-2.11.3-17.87.3
    • glibc-i18ndata-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP3 (ia64)
    • glibc-locale-x86-2.11.3-17.87.3
    • glibc-x86-2.11.3-17.87.3
    • glibc-profile-x86-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64)
    • glibc-profile-32bit-2.11.3-17.87.3
    • glibc-32bit-2.11.3-17.87.3
    • glibc-devel-32bit-2.11.3-17.87.3
    • glibc-locale-32bit-2.11.3-17.87.3
  • SLES for SAP Applications 11-SP3 (x86_64)
    • glibc-32bit-2.11.3-17.87.3
    • glibc-profile-2.11.3-17.87.3
    • glibc-devel-32bit-2.11.3-17.87.3
    • glibc-info-2.11.3-17.87.3
    • glibc-locale-2.11.3-17.87.3
    • nscd-2.11.3-17.87.3
    • glibc-2.11.3-17.87.3
    • glibc-html-2.11.3-17.87.3
    • glibc-devel-2.11.3-17.87.3
    • glibc-i18ndata-2.11.3-17.87.3
    • glibc-profile-32bit-2.11.3-17.87.3
    • glibc-locale-32bit-2.11.3-17.87.3
  • SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64 i586)
    • glibc-html-2.11.3-17.87.3
    • glibc-info-2.11.3-17.87.3
  • SUSE Linux Enterprise Software Development Kit 11 SP4 (x86_64 i586)
    • glibc-html-2.11.3-17.87.3
    • glibc-info-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64 i686 nosrc)
    • glibc-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64 i686)
    • glibc-devel-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
    • glibc-profile-2.11.3-17.87.3
    • glibc-info-2.11.3-17.87.3
    • glibc-locale-2.11.3-17.87.3
    • nscd-2.11.3-17.87.3
    • glibc-html-2.11.3-17.87.3
    • glibc-i18ndata-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP4 (ia64)
    • glibc-locale-x86-2.11.3-17.87.3
    • glibc-x86-2.11.3-17.87.3
    • glibc-profile-x86-2.11.3-17.87.3
  • SUSE Linux Enterprise Server 11 SP4 (ppc64 s390x x86_64)
    • glibc-profile-32bit-2.11.3-17.87.3
    • glibc-32bit-2.11.3-17.87.3
    • glibc-devel-32bit-2.11.3-17.87.3
    • glibc-locale-32bit-2.11.3-17.87.3
  • SLES for SAP Applications 11-SP4 (ppc64 nosrc x86_64)
    • glibc-2.11.3-17.87.3
  • SLES for SAP Applications 11-SP4 (ppc64 x86_64)
    • glibc-32bit-2.11.3-17.87.3
    • glibc-profile-2.11.3-17.87.3
    • glibc-devel-32bit-2.11.3-17.87.3
    • glibc-info-2.11.3-17.87.3
    • glibc-locale-2.11.3-17.87.3
    • nscd-2.11.3-17.87.3
    • glibc-html-2.11.3-17.87.3
    • glibc-devel-2.11.3-17.87.3
    • glibc-i18ndata-2.11.3-17.87.3
    • glibc-profile-32bit-2.11.3-17.87.3
    • glibc-locale-32bit-2.11.3-17.87.3

References: