SB2016112821 - Multiple vulnerabilities in GNU Glibc
Published: November 28, 2016 Updated: June 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-7424)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
2) Buffer overflow (CVE-ID: CVE-2011-5320)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
Remediation
Install update from vendor's website.
References
- http://rhn.redhat.com/errata/RHSA-2015-1627.html
- http://www.openwall.com/lists/oss-security/2015/01/29/21
- http://www.securityfocus.com/bid/72710
- https://bugzilla.redhat.com/show_bug.cgi?id=1186614
- https://bugzilla.redhat.com/show_bug.cgi?id=981942
- https://sourceware.org/bugzilla/show_bug.cgi?id=18011
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
- http://www.openwall.com/lists/oss-security/2015/03/12/14
- https://bugzilla.redhat.com/show_bug.cgi?id=1196745
- https://marc.info/?l=gimp-developer&m=129567990905823&w=2
- https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4
- https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0
- https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0