{"affected":[{"ecosystem_specific":{"binaries":[{"glibc":"2.19-20.3","glibc-32bit":"2.19-20.3","glibc-devel":"2.19-20.3","glibc-devel-32bit":"2.19-20.3","glibc-i18ndata":"2.19-20.3","glibc-locale":"2.19-20.3","glibc-locale-32bit":"2.19-20.3","nscd":"2.19-20.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"glibc","purl":"pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.19-20.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"glibc-devel-static":"2.19-20.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"glibc","purl":"pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.19-20.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"glibc":"2.19-20.3","glibc-32bit":"2.19-20.3","glibc-devel":"2.19-20.3","glibc-devel-32bit":"2.19-20.3","glibc-html":"2.19-20.3","glibc-i18ndata":"2.19-20.3","glibc-info":"2.19-20.3","glibc-locale":"2.19-20.3","glibc-locale-32bit":"2.19-20.3","glibc-profile":"2.19-20.3","glibc-profile-32bit":"2.19-20.3","nscd":"2.19-20.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"glibc","purl":"pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.19-20.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"glibc":"2.19-20.3","glibc-32bit":"2.19-20.3","glibc-devel":"2.19-20.3","glibc-devel-32bit":"2.19-20.3","glibc-html":"2.19-20.3","glibc-i18ndata":"2.19-20.3","glibc-info":"2.19-20.3","glibc-locale":"2.19-20.3","glibc-locale-32bit":"2.19-20.3","glibc-profile":"2.19-20.3","glibc-profile-32bit":"2.19-20.3","nscd":"2.19-20.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"glibc","purl":"pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.19-20.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"glibc has been updated to fix four security issues.\n\nThese security issues were fixed:\n- CVE-2014-7817: The wordexp function in GNU C Library (aka glibc) 2.21 did not enforce the WRDE_NOCMD flag, which allowed context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((`...`))' (bnc#906371).\n- CVE-2015-1472: Heap buffer overflow in glibc swscanf (bnc#916222).\n- CVE-2014-9402: Denial of service in getnetbyname function (bnc#910599).\n- CVE-2013-7423: Getaddrinfo() writes DNS queries to random file descriptors under high load (bnc#915526).\n\nThese non-security issues were fixed:\n- Fix infinite loop in check_pf (bsc#909053)\n- Restore warning about execution permission, it is still needed for noexec mounts (bsc#915985).\n- Don't touch user-controlled stdio locks in forked child (bsc#864081)\n- Don't use gcc extensions for non-gcc compilers (bsc#905313)\n  ","id":"SUSE-SU-2015:0526-1","modified":"2015-03-06T15:57:36Z","published":"2015-03-06T15:57:36Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150526-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/864081"},{"type":"REPORT","url":"https://bugzilla.suse.com/905313"},{"type":"REPORT","url":"https://bugzilla.suse.com/906371"},{"type":"REPORT","url":"https://bugzilla.suse.com/909053"},{"type":"REPORT","url":"https://bugzilla.suse.com/910599"},{"type":"REPORT","url":"https://bugzilla.suse.com/915526"},{"type":"REPORT","url":"https://bugzilla.suse.com/915985"},{"type":"REPORT","url":"https://bugzilla.suse.com/916222"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-7423"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-7817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-9402"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-1472"}],"related":["CVE-2013-7423","CVE-2014-7817","CVE-2014-9402","CVE-2015-1472"],"summary":"Security update for glibc","upstream":["CVE-2013-7423","CVE-2014-7817","CVE-2014-9402","CVE-2015-1472"]}