glibc-2.17-105.el7
エラータID: AXSA:2015-569:01
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
Security issues fixed with this release:
CVE-2013-7423
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc
or libc6) before 2.20 does not properly reuse file descriptors, which
allows remote attackers to send DNS queries to unintended locations
via a large number of request that trigger a call to the getaddrinfo
function.
CVE-2015-1472
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka
glibc or libc6) before 2.21 does not properly consider data-type size
during memory allocation, which allows context-dependent attackers to
cause a denial of service (buffer overflow) or possibly have
unspecified other impact via a long line containing wide characters
that are improperly handled in a wscanf call.
CVE-2015-1473
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka
glibc or libc6) before 2.21 does not properly consider data-type size
during a risk-management decision for use of the alloca function,
which might allow context-dependent attackers to cause a denial of
service (segmentation violation) or overwrite memory locations beyond
the stack boundary via a long line containing wide characters that are
improperly handled in a wscanf call.
CVE-2015-1781
Buffer overflow in the gethostbyname_r and other unspecified NSS
functions in the GNU C Library (aka glibc or libc6) before 2.22 allows
context-dependent attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted DNS response, which triggers a
call with a misaligned buffer.
Fixed bugs:
These updated glibc packages also include numerous bug fixes and one enhancement.
Update packages.
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
N/A
SRPMS
- glibc-2.17-105.el7.src.rpm
MD5: 9ed8e42e10dddef06a781c8a9a075b26
SHA-256: 2086754f65e73d35a4558489012bdf7134752a37920a587fc78baea1eab76ffa
Size: 23.07 MB
Asianux Server 7 for x86_64
- glibc-2.17-105.el7.x86_64.rpm
MD5: 1e9695518004ec47cfdc8fed585ca44b
SHA-256: b3f41ce3e1f123d7042cb04f8d73a020b084641a99896a68ad54dfa55359b572
Size: 3.58 MB - glibc-common-2.17-105.el7.x86_64.rpm
MD5: a08465d32df1033d418d039ca514e53d
SHA-256: 920be023b851c40b8f7d01593d2f23d971093941c1075e75a6a5897a60dd7689
Size: 11.46 MB - glibc-devel-2.17-105.el7.x86_64.rpm
MD5: 95cde8c60d24b32ca5aed6806529b5dc
SHA-256: ddd051f2f60abb87334e1b190dcd180e2f8b18d0a32c540cd1097bc98d0cadb6
Size: 1.05 MB - glibc-headers-2.17-105.el7.x86_64.rpm
MD5: 9fd6c64d0348c34972264ecb05b58d85
SHA-256: a247e592e556bd3e4ea10d80582b96bf6ec80005e1ca6f23878a15901aace8b6
Size: 660.01 kB - glibc-utils-2.17-105.el7.x86_64.rpm
MD5: e034f5907d17e80d9e23067561c2a4b6
SHA-256: 6583e7fc9954b56faa7a2b7e98300302d18456032e5a52c66b526d2d33ce1db0
Size: 200.63 kB - nscd-2.17-105.el7.x86_64.rpm
MD5: fa012795725d8c625967a079f18dd491
SHA-256: d95520f3641d176ae1c4d90b05936cb394d403163cef4507c52332db0cc3d1f1
Size: 259.11 kB - glibc-2.17-105.el7.i686.rpm
MD5: 6f79e23efd302837a04c022dca80b503
SHA-256: 5fe1f88e76d211f7fcae5731c84e19cd91e79afa89f78fcb97ec91f7739ed417
Size: 4.18 MB - glibc-devel-2.17-105.el7.i686.rpm
MD5: 2e782a6f9fe5c950a3abf3e6c318a2e0
SHA-256: 002576c200c4208048a342820539088a8313143b3ab4de98e469bb5ce63b772e
Size: 1.05 MB