Details of VAR-201706-0334

ID

VAR-201706-0334

CVE

CVE-2017-1000366

TITLE

glibc Security hole

Trust: 0.6

sources: CNNVD: CNNVD-201706-808

DESCRIPTION

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. GNU glibc is prone to local memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code in the context of the application. GNU glibc 2.25 and prior versions are vulnerable. glibc (also known as GNU C Library, libc6) is an open source and free C language compiler released under the LGPL license agreement. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: glibc security update Advisory ID: RHSA-2017:1479-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1479 Issue date: 2017-06-19 CVE Names: CVE-2017-1000366 ===================================================================== 1. Summary: An update for glibc is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 5.9 Long Life, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, and Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.2) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server (v. 5 ELS) - i386, s390x, x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1452543 - CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations 6. Package List: Red Hat Enterprise Linux Long Life (v. 5.9 server): Source: glibc-2.5-107.el5_9.9.src.rpm i386: glibc-2.5-107.el5_9.9.i386.rpm glibc-2.5-107.el5_9.9.i686.rpm glibc-common-2.5-107.el5_9.9.i386.rpm glibc-debuginfo-2.5-107.el5_9.9.i386.rpm glibc-debuginfo-2.5-107.el5_9.9.i686.rpm glibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm glibc-devel-2.5-107.el5_9.9.i386.rpm glibc-headers-2.5-107.el5_9.9.i386.rpm glibc-utils-2.5-107.el5_9.9.i386.rpm nscd-2.5-107.el5_9.9.i386.rpm ia64: glibc-2.5-107.el5_9.9.i686.rpm glibc-2.5-107.el5_9.9.ia64.rpm glibc-common-2.5-107.el5_9.9.ia64.rpm glibc-debuginfo-2.5-107.el5_9.9.i686.rpm glibc-debuginfo-2.5-107.el5_9.9.ia64.rpm glibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm glibc-devel-2.5-107.el5_9.9.ia64.rpm glibc-headers-2.5-107.el5_9.9.ia64.rpm glibc-utils-2.5-107.el5_9.9.ia64.rpm nscd-2.5-107.el5_9.9.ia64.rpm x86_64: glibc-2.5-107.el5_9.9.i686.rpm glibc-2.5-107.el5_9.9.x86_64.rpm glibc-common-2.5-107.el5_9.9.x86_64.rpm glibc-debuginfo-2.5-107.el5_9.9.i386.rpm glibc-debuginfo-2.5-107.el5_9.9.i686.rpm glibc-debuginfo-2.5-107.el5_9.9.x86_64.rpm glibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm glibc-devel-2.5-107.el5_9.9.i386.rpm glibc-devel-2.5-107.el5_9.9.x86_64.rpm glibc-headers-2.5-107.el5_9.9.x86_64.rpm glibc-utils-2.5-107.el5_9.9.x86_64.rpm nscd-2.5-107.el5_9.9.x86_64.rpm Red Hat Enterprise Linux Server (v. 5 ELS): Source: glibc-2.5-123.el5_11.4.src.rpm i386: glibc-2.5-123.el5_11.4.i386.rpm glibc-2.5-123.el5_11.4.i686.rpm glibc-common-2.5-123.el5_11.4.i386.rpm glibc-debuginfo-2.5-123.el5_11.4.i386.rpm glibc-debuginfo-2.5-123.el5_11.4.i686.rpm glibc-debuginfo-common-2.5-123.el5_11.4.i386.rpm glibc-devel-2.5-123.el5_11.4.i386.rpm glibc-headers-2.5-123.el5_11.4.i386.rpm glibc-utils-2.5-123.el5_11.4.i386.rpm nscd-2.5-123.el5_11.4.i386.rpm s390x: glibc-2.5-123.el5_11.4.s390.rpm glibc-2.5-123.el5_11.4.s390x.rpm glibc-common-2.5-123.el5_11.4.s390x.rpm glibc-debuginfo-2.5-123.el5_11.4.s390.rpm glibc-debuginfo-2.5-123.el5_11.4.s390x.rpm glibc-devel-2.5-123.el5_11.4.s390.rpm glibc-devel-2.5-123.el5_11.4.s390x.rpm glibc-headers-2.5-123.el5_11.4.s390x.rpm glibc-utils-2.5-123.el5_11.4.s390x.rpm nscd-2.5-123.el5_11.4.s390x.rpm x86_64: glibc-2.5-123.el5_11.4.i686.rpm glibc-2.5-123.el5_11.4.x86_64.rpm glibc-common-2.5-123.el5_11.4.x86_64.rpm glibc-debuginfo-2.5-123.el5_11.4.i386.rpm glibc-debuginfo-2.5-123.el5_11.4.i686.rpm glibc-debuginfo-2.5-123.el5_11.4.x86_64.rpm glibc-debuginfo-common-2.5-123.el5_11.4.i386.rpm glibc-devel-2.5-123.el5_11.4.i386.rpm glibc-devel-2.5-123.el5_11.4.x86_64.rpm glibc-headers-2.5-123.el5_11.4.x86_64.rpm glibc-utils-2.5-123.el5_11.4.x86_64.rpm nscd-2.5-123.el5_11.4.x86_64.rpm Red Hat Enterprise Linux HPC Node EUS (v. 6.7): Source: glibc-2.12-1.166.el6_7.8.src.rpm x86_64: glibc-2.12-1.166.el6_7.8.i686.rpm glibc-2.12-1.166.el6_7.8.x86_64.rpm glibc-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-devel-2.12-1.166.el6_7.8.i686.rpm glibc-devel-2.12-1.166.el6_7.8.x86_64.rpm glibc-headers-2.12-1.166.el6_7.8.x86_64.rpm glibc-utils-2.12-1.166.el6_7.8.x86_64.rpm nscd-2.12-1.166.el6_7.8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7): x86_64: glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-static-2.12-1.166.el6_7.8.i686.rpm glibc-static-2.12-1.166.el6_7.8.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.2): Source: glibc-2.12-1.47.el6_2.18.src.rpm x86_64: glibc-2.12-1.47.el6_2.18.i686.rpm glibc-2.12-1.47.el6_2.18.x86_64.rpm glibc-common-2.12-1.47.el6_2.18.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.18.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.18.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.18.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.18.x86_64.rpm glibc-devel-2.12-1.47.el6_2.18.i686.rpm glibc-devel-2.12-1.47.el6_2.18.x86_64.rpm glibc-headers-2.12-1.47.el6_2.18.x86_64.rpm glibc-utils-2.12-1.47.el6_2.18.x86_64.rpm nscd-2.12-1.47.el6_2.18.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.10.src.rpm x86_64: glibc-2.12-1.107.el6_4.10.i686.rpm glibc-2.12-1.107.el6_4.10.x86_64.rpm glibc-common-2.12-1.107.el6_4.10.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.10.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.10.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.10.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.10.x86_64.rpm glibc-devel-2.12-1.107.el6_4.10.i686.rpm glibc-devel-2.12-1.107.el6_4.10.x86_64.rpm glibc-headers-2.12-1.107.el6_4.10.x86_64.rpm glibc-utils-2.12-1.107.el6_4.10.x86_64.rpm nscd-2.12-1.107.el6_4.10.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.9.src.rpm x86_64: glibc-2.12-1.132.el6_5.9.i686.rpm glibc-2.12-1.132.el6_5.9.x86_64.rpm glibc-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-devel-2.12-1.132.el6_5.9.i686.rpm glibc-devel-2.12-1.132.el6_5.9.x86_64.rpm glibc-headers-2.12-1.132.el6_5.9.x86_64.rpm glibc-utils-2.12-1.132.el6_5.9.x86_64.rpm nscd-2.12-1.132.el6_5.9.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.9.src.rpm x86_64: glibc-2.12-1.132.el6_5.9.i686.rpm glibc-2.12-1.132.el6_5.9.x86_64.rpm glibc-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-devel-2.12-1.132.el6_5.9.i686.rpm glibc-devel-2.12-1.132.el6_5.9.x86_64.rpm glibc-headers-2.12-1.132.el6_5.9.x86_64.rpm glibc-utils-2.12-1.132.el6_5.9.x86_64.rpm nscd-2.12-1.132.el6_5.9.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.6): Source: glibc-2.12-1.149.el6_6.12.src.rpm x86_64: glibc-2.12-1.149.el6_6.12.i686.rpm glibc-2.12-1.149.el6_6.12.x86_64.rpm glibc-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-devel-2.12-1.149.el6_6.12.i686.rpm glibc-devel-2.12-1.149.el6_6.12.x86_64.rpm glibc-headers-2.12-1.149.el6_6.12.x86_64.rpm glibc-utils-2.12-1.149.el6_6.12.x86_64.rpm nscd-2.12-1.149.el6_6.12.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.6): Source: glibc-2.12-1.149.el6_6.12.src.rpm x86_64: glibc-2.12-1.149.el6_6.12.i686.rpm glibc-2.12-1.149.el6_6.12.x86_64.rpm glibc-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-devel-2.12-1.149.el6_6.12.i686.rpm glibc-devel-2.12-1.149.el6_6.12.x86_64.rpm glibc-headers-2.12-1.149.el6_6.12.x86_64.rpm glibc-utils-2.12-1.149.el6_6.12.x86_64.rpm nscd-2.12-1.149.el6_6.12.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.7): Source: glibc-2.12-1.166.el6_7.8.src.rpm i386: glibc-2.12-1.166.el6_7.8.i686.rpm glibc-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-devel-2.12-1.166.el6_7.8.i686.rpm glibc-headers-2.12-1.166.el6_7.8.i686.rpm glibc-utils-2.12-1.166.el6_7.8.i686.rpm nscd-2.12-1.166.el6_7.8.i686.rpm ppc64: glibc-2.12-1.166.el6_7.8.ppc.rpm glibc-2.12-1.166.el6_7.8.ppc64.rpm glibc-common-2.12-1.166.el6_7.8.ppc64.rpm glibc-debuginfo-2.12-1.166.el6_7.8.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.8.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.ppc64.rpm glibc-devel-2.12-1.166.el6_7.8.ppc.rpm glibc-devel-2.12-1.166.el6_7.8.ppc64.rpm glibc-headers-2.12-1.166.el6_7.8.ppc64.rpm glibc-utils-2.12-1.166.el6_7.8.ppc64.rpm nscd-2.12-1.166.el6_7.8.ppc64.rpm s390x: glibc-2.12-1.166.el6_7.8.s390.rpm glibc-2.12-1.166.el6_7.8.s390x.rpm glibc-common-2.12-1.166.el6_7.8.s390x.rpm glibc-debuginfo-2.12-1.166.el6_7.8.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.8.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.s390x.rpm glibc-devel-2.12-1.166.el6_7.8.s390.rpm glibc-devel-2.12-1.166.el6_7.8.s390x.rpm glibc-headers-2.12-1.166.el6_7.8.s390x.rpm glibc-utils-2.12-1.166.el6_7.8.s390x.rpm nscd-2.12-1.166.el6_7.8.s390x.rpm x86_64: glibc-2.12-1.166.el6_7.8.i686.rpm glibc-2.12-1.166.el6_7.8.x86_64.rpm glibc-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-devel-2.12-1.166.el6_7.8.i686.rpm glibc-devel-2.12-1.166.el6_7.8.x86_64.rpm glibc-headers-2.12-1.166.el6_7.8.x86_64.rpm glibc-utils-2.12-1.166.el6_7.8.x86_64.rpm nscd-2.12-1.166.el6_7.8.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: glibc-2.12-1.47.el6_2.18.src.rpm x86_64: glibc-debuginfo-2.12-1.47.el6_2.18.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.18.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.18.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.18.x86_64.rpm glibc-static-2.12-1.47.el6_2.18.i686.rpm glibc-static-2.12-1.47.el6_2.18.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.10.src.rpm x86_64: glibc-debuginfo-2.12-1.107.el6_4.10.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.10.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.10.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.10.x86_64.rpm glibc-static-2.12-1.107.el6_4.10.i686.rpm glibc-static-2.12-1.107.el6_4.10.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.9.src.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-static-2.12-1.132.el6_5.9.i686.rpm glibc-static-2.12-1.132.el6_5.9.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.9.src.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-static-2.12-1.132.el6_5.9.i686.rpm glibc-static-2.12-1.132.el6_5.9.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.6): x86_64: glibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-static-2.12-1.149.el6_6.12.i686.rpm glibc-static-2.12-1.149.el6_6.12.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.6): x86_64: glibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-static-2.12-1.149.el6_6.12.i686.rpm glibc-static-2.12-1.149.el6_6.12.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.7): i386: glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-static-2.12-1.166.el6_7.8.i686.rpm ppc64: glibc-debuginfo-2.12-1.166.el6_7.8.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.8.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.ppc64.rpm glibc-static-2.12-1.166.el6_7.8.ppc.rpm glibc-static-2.12-1.166.el6_7.8.ppc64.rpm s390x: glibc-debuginfo-2.12-1.166.el6_7.8.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.8.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.s390x.rpm glibc-static-2.12-1.166.el6_7.8.s390.rpm glibc-static-2.12-1.166.el6_7.8.s390x.rpm x86_64: glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-static-2.12-1.166.el6_7.8.i686.rpm glibc-static-2.12-1.166.el6_7.8.x86_64.rpm Red Hat Enterprise Linux ComputeNode EUS (v. 7.2): Source: glibc-2.17-106.el7_2.9.src.rpm x86_64: glibc-2.17-106.el7_2.9.i686.rpm glibc-2.17-106.el7_2.9.x86_64.rpm glibc-common-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm glibc-devel-2.17-106.el7_2.9.i686.rpm glibc-devel-2.17-106.el7_2.9.x86_64.rpm glibc-headers-2.17-106.el7_2.9.x86_64.rpm glibc-utils-2.17-106.el7_2.9.x86_64.rpm nscd-2.17-106.el7_2.9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2): x86_64: glibc-debuginfo-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm glibc-static-2.17-106.el7_2.9.i686.rpm glibc-static-2.17-106.el7_2.9.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.2): Source: glibc-2.17-106.el7_2.9.src.rpm ppc64: glibc-2.17-106.el7_2.9.ppc.rpm glibc-2.17-106.el7_2.9.ppc64.rpm glibc-common-2.17-106.el7_2.9.ppc64.rpm glibc-debuginfo-2.17-106.el7_2.9.ppc.rpm glibc-debuginfo-2.17-106.el7_2.9.ppc64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc64.rpm glibc-devel-2.17-106.el7_2.9.ppc.rpm glibc-devel-2.17-106.el7_2.9.ppc64.rpm glibc-headers-2.17-106.el7_2.9.ppc64.rpm glibc-utils-2.17-106.el7_2.9.ppc64.rpm nscd-2.17-106.el7_2.9.ppc64.rpm ppc64le: glibc-2.17-106.el7_2.9.ppc64le.rpm glibc-common-2.17-106.el7_2.9.ppc64le.rpm glibc-debuginfo-2.17-106.el7_2.9.ppc64le.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc64le.rpm glibc-devel-2.17-106.el7_2.9.ppc64le.rpm glibc-headers-2.17-106.el7_2.9.ppc64le.rpm glibc-utils-2.17-106.el7_2.9.ppc64le.rpm nscd-2.17-106.el7_2.9.ppc64le.rpm s390x: glibc-2.17-106.el7_2.9.s390.rpm glibc-2.17-106.el7_2.9.s390x.rpm glibc-common-2.17-106.el7_2.9.s390x.rpm glibc-debuginfo-2.17-106.el7_2.9.s390.rpm glibc-debuginfo-2.17-106.el7_2.9.s390x.rpm glibc-debuginfo-common-2.17-106.el7_2.9.s390.rpm glibc-debuginfo-common-2.17-106.el7_2.9.s390x.rpm glibc-devel-2.17-106.el7_2.9.s390.rpm glibc-devel-2.17-106.el7_2.9.s390x.rpm glibc-headers-2.17-106.el7_2.9.s390x.rpm glibc-utils-2.17-106.el7_2.9.s390x.rpm nscd-2.17-106.el7_2.9.s390x.rpm x86_64: glibc-2.17-106.el7_2.9.i686.rpm glibc-2.17-106.el7_2.9.x86_64.rpm glibc-common-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm glibc-devel-2.17-106.el7_2.9.i686.rpm glibc-devel-2.17-106.el7_2.9.x86_64.rpm glibc-headers-2.17-106.el7_2.9.x86_64.rpm glibc-utils-2.17-106.el7_2.9.x86_64.rpm nscd-2.17-106.el7_2.9.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.2): ppc64: glibc-debuginfo-2.17-106.el7_2.9.ppc.rpm glibc-debuginfo-2.17-106.el7_2.9.ppc64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc64.rpm glibc-static-2.17-106.el7_2.9.ppc.rpm glibc-static-2.17-106.el7_2.9.ppc64.rpm ppc64le: glibc-debuginfo-2.17-106.el7_2.9.ppc64le.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc64le.rpm glibc-static-2.17-106.el7_2.9.ppc64le.rpm s390x: glibc-debuginfo-2.17-106.el7_2.9.s390.rpm glibc-debuginfo-2.17-106.el7_2.9.s390x.rpm glibc-debuginfo-common-2.17-106.el7_2.9.s390.rpm glibc-debuginfo-common-2.17-106.el7_2.9.s390x.rpm glibc-static-2.17-106.el7_2.9.s390.rpm glibc-static-2.17-106.el7_2.9.s390x.rpm x86_64: glibc-debuginfo-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm glibc-static-2.17-106.el7_2.9.i686.rpm glibc-static-2.17-106.el7_2.9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-1000366 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/stackguard 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZSDV3XlSAg2UNWIIRAibeAKC2QtxViqngTTBVM9fvG1XjRCkgwACgrHP1 PVr1sUH9RUhxrQOKQqWtnKY= =ywUB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/glibc-2.23-i586-2_slack14.2.txz: Rebuilt. Applied upstream security hardening patches from git. patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz: Rebuilt. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-i18n-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-solibs-2.23-i586-2_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-i18n-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-profile-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-solibs-2.23-x86_64-2_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.25-i586-3.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.25-x86_64-3.txz MD5 signatures: +-------------+ Slackware 14.2 packages: 663f47dc7d0dfedb2ebf7c61d3f2272c glibc-2.23-i586-2_slack14.2.txz 078372f057f25a9208065ab79057e177 glibc-i18n-2.23-i586-2_slack14.2.txz f071cea4355537664e48208f4af62eaf glibc-profile-2.23-i586-2_slack14.2.txz ab57d435ca54b173a9e68f71212fc461 glibc-solibs-2.23-i586-2_slack14.2.txz Slackware x86_64 14.2 packages: 1133b60a4c0ce35878a10bd4315fb648 glibc-2.23-x86_64-2_slack14.2.txz 089ce46a9649272054b9677a545db1e2 glibc-i18n-2.23-x86_64-2_slack14.2.txz 5ac5d520b831cd7f905302feab8d0e75 glibc-profile-2.23-x86_64-2_slack14.2.txz b8457b979d2a6652ce3c0362c2ec5638 glibc-solibs-2.23-x86_64-2_slack14.2.txz Slackware -current packages: 4dc6a08ad5905dcab5dba980b57d6b84 a/glibc-solibs-2.25-i586-3.txz 48c6c4a925eda4dc598470721edced9c l/glibc-2.25-i586-3.txz 1afd5bdb86c5450b1429e5c3ce7c8fd1 l/glibc-i18n-2.25-i586-3.txz 55908b021b0fdf6f00027579b885eea0 l/glibc-profile-2.25-i586-3.txz Slackware x86_64 -current packages: 1e479e2e03e837f66c95cacb2b7649f7 a/glibc-solibs-2.25-x86_64-3.txz ec307efb44585984181c4fe0ce01ce30 l/glibc-2.25-x86_64-3.txz 6503ac6fe173da8a2da47dcbd9c24bb1 l/glibc-i18n-2.25-x86_64-3.txz 22bc7dc3ec5b8b2bc0ca7aa2226a3094 l/glibc-profile-2.25-x86_64-3.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg glibc-*.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201706-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: GNU C Library: Multiple vulnerabilities Date: June 20, 2017 Bugs: #608698, #608706, #622220 ID: 201706-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the GNU C Library, the worst of which may allow execution of arbitrary code. Background ========== The GNU C library is the standard C library used by Gentoo Linux systems. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-libs/glibc < 2.23-r4 >= 2.23-r4 Description =========== Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers and Qualys' security advisory referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GNU C Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.23-r4" References ========== [ 1 ] CVE-2015-5180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5180 [ 2 ] CVE-2016-6323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6323 [ 3 ] CVE-2017-1000366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000366 [ 4 ] Qualys Security Advisory - The Stack Clash https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201706-19 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --cxbO5eT2swQBqr8k9tc6wcfapgLAJb4xR-- . Description: Red Hat Container Development Kit is a platform for developing containerized applicationsaaait is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. An attacker could use this flaw to crash a server application compiled against the NSS library. Solution: The References section of this erratum contains a link to download CDK 3.0.0-2 (you must log in to download the update). ========================================================================== Ubuntu Security Notice USN-3323-2 June 29, 2017 eglibc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Gnu C library could be made to run programs as an administrator. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: libc6 2.15-0ubuntu10.20 After a standard system update you need to reboot your computer to make all the necessary changes. Description: Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options. Security Fix(es): * It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. (CVE-2017-7512) The underlying container image was also rebuilt to resolve other security issues. Solution: To apply this security fix, use the updated docker images. Bugs fixed (https://bugzilla.redhat.com/): 1457997 - CVE-2017-7512 3scale AMP: validation bypass in oauth 5

Trust: 1.89

sources: NVD: CVE-2017-1000366 // BID: 99127 // VULHUB: VHN-100094 // PACKETSTORM: 142999 // PACKETSTORM: 143001 // PACKETSTORM: 143225 // PACKETSTORM: 143033 // PACKETSTORM: 143096 // PACKETSTORM: 143196 // PACKETSTORM: 143264

AFFECTED PRODUCTS

vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	11.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 1.3
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux server long life	scope:	eq	version:	5.9	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	5.9	Trust: 1.0
vendor:	novell	model:	suse linux enterprise point of sale	scope:	eq	version:	11.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	lte	version:	2.25	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	suse	model:	linux enterprise for sap	scope:	eq	version:	12	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	42.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	novell	model:	suse linux enterprise server	scope:	eq	version:	11.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lte	version:	7.7.2.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.2	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	10	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.7.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	12.0	Trust: 1.0
vendor:	openstack	model:	cloud magnum orchestration	scope:	eq	version:	7	Trust: 1.0
vendor:	suse	model:	linux enterprise server for raspberry pi	scope:	eq	version:	12	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lte	version:	7.6.2.14	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.2	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	vm server for	scope:	eq	version:	x863.4	Trust: 0.3
vendor:	oracle	model:	vm server for	scope:	eq	version:	x863.3	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.7	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.7.2.2	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.4	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.3	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.2	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.14	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.1	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.0	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.22.90	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.10.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.9	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3-10	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.25	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.24	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.23	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.22	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.21	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.20	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.19	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.18	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.17	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.16	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.15	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.14.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.14	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.13	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.10	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3.10	Trust: 0.3
vendor:	gnu	model:	cfengine	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-30	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	ne	version:	7.7.2.3	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	ne	version:	7.6.2.15	Trust: 0.3

sources: BID: 99127 // CNNVD: CNNVD-201706-808 // NVD: CVE-2017-1000366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-1000366
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201706-808
value:	HIGH
Trust: 0.6
VULHUB:	VHN-100094
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-1000366
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-100094
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-1000366
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-100094 // CNNVD: CNNVD-201706-808 // NVD: CVE-2017-1000366

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.1

sources: VULHUB: VHN-100094 // NVD: CVE-2017-1000366

THREAT TYPE

local

Trust: 1.0

sources: BID: 99127 // PACKETSTORM: 143196 // CNNVD: CNNVD-201706-808

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201706-808

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-100094

PATCH

title:

glibc Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71084

Trust: 0.6

sources: CNNVD: CNNVD-201706-808

EXTERNAL IDS

db:	NVD	id:	CVE-2017-1000366	Trust: 2.7
db:	BID	id:	99127	Trust: 2.0
db:	MCAFEE	id:	SB10205	Trust: 2.0
db:	EXPLOIT-DB	id:	42274	Trust: 1.7
db:	EXPLOIT-DB	id:	42276	Trust: 1.7
db:	EXPLOIT-DB	id:	42275	Trust: 1.7
db:	PACKETSTORM	id:	154361	Trust: 1.7
db:	SECTRACK	id:	1038712	Trust: 1.7
db:	CNNVD	id:	CNNVD-201706-808	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3313	Trust: 0.6
db:	PACKETSTORM	id:	143001	Trust: 0.2
db:	PACKETSTORM	id:	142999	Trust: 0.2
db:	PACKETSTORM	id:	143196	Trust: 0.2
db:	PACKETSTORM	id:	143225	Trust: 0.2
db:	PACKETSTORM	id:	142990	Trust: 0.1
db:	PACKETSTORM	id:	143205	Trust: 0.1
db:	PACKETSTORM	id:	143207	Trust: 0.1
db:	PACKETSTORM	id:	142992	Trust: 0.1
db:	PACKETSTORM	id:	143005	Trust: 0.1
db:	PACKETSTORM	id:	143201	Trust: 0.1
db:	VULHUB	id:	VHN-100094	Trust: 0.1
db:	PACKETSTORM	id:	143033	Trust: 0.1
db:	PACKETSTORM	id:	143096	Trust: 0.1
db:	PACKETSTORM	id:	143264	Trust: 0.1

sources: VULHUB: VHN-100094 // BID: 99127 // PACKETSTORM: 142999 // PACKETSTORM: 143001 // PACKETSTORM: 143225 // PACKETSTORM: 143033 // PACKETSTORM: 143096 // PACKETSTORM: 143196 // PACKETSTORM: 143264 // CNNVD: CNNVD-201706-808 // NVD: CVE-2017-1000366

REFERENCES

url:	https://access.redhat.com/security/cve/cve-2017-1000366	Trust: 2.4
url:	http://www.securityfocus.com/bid/99127	Trust: 2.3
url:	http://www.debian.org/security/2017/dsa-3887	Trust: 2.3
url:	http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html	Trust: 2.3
url:	https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt	Trust: 2.1
url:	https://security.gentoo.org/glsa/201706-19	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:1479	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:1480	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:1481	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:1567	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:1712	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/sep/7	Trust: 1.7
url:	https://www.suse.com/security/cve/cve-2017-1000366/	Trust: 1.7
url:	https://www.suse.com/support/kb/doc/?id=7020973	Trust: 1.7
url:	https://www.exploit-db.com/exploits/42274/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/42275/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/42276/	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2019/sep/7	Trust: 1.7
url:	http://www.securitytracker.com/id/1038712	Trust: 1.7
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10205	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000366	Trust: 0.7
url:	https://www.ibm.com/support/docview.wss?uid=ibm10960426	Trust: 0.6
url:	https://www.ibm.com/support/docview.wss?uid=ibm10887793	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3313/	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10960426	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=efa26d9c13a6fabd34a05139e1d8b2e441b2fae9	Trust: 0.3
url:	http://www.gnu.org/software/libc/	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1452543	Trust: 0.3
url:	https://sourceware.org/bugzilla/show_bug.cgi?id=cve-2017-1000366	Trust: 0.3
url:	https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832368.html	Trust: 0.3
url:	https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-3832369.html	Trust: 0.3
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10205&actp=null&viewlocale=en_us&showdraft=false&platinum_status=false&locale=en_us	Trust: 0.3
url:	https://access.redhat.com/security/vulnerabilities/stackguard	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000364	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7502	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-1000364	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-7502	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10205	Trust: 0.1
url:	https://sourceware.org/git/?p=glibc.git;a=commit;h=46703a3995aa3ca2b816814aa4ad05ed524194dd	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	https://sourceware.org/git/?p=glibc.git;a=commit;h=adc7e06fb412a2a1ee52f8cb788caf436335b9f3	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1000366	Trust: 0.1
url:	https://sourceware.org/git/?p=glibc.git;a=commit;h=3c7cd21290cabdadd72984fb69bc51e64ff1002d	Trust: 0.1
url:	https://sourceware.org/git/?p=glibc.git;a=commit;h=c69d4a0f680a24fdbe323764a50382ad324041e9	Trust: 0.1
url:	https://sourceware.org/git/?p=glibc.git;a=commit;h=3776f38fcd267c127ba5eb222e2c614c191744aa	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6323	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5180	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-1000366	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6323	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5180	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://access.redhat.com/downloads/content/293/	Trust: 0.1
url:	https://www.ubuntu.com/usn/usn-3323-2	Trust: 0.1
url:	https://www.ubuntu.com/usn/usn-3323-1	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2017:1484	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-7512	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2017:1365	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7512	Trust: 0.1

CREDITS

T. Weber

Trust: 0.6

sources: CNNVD: CNNVD-201706-808

SOURCES

db:	VULHUB	id:	VHN-100094
db:	BID	id:	99127
db:	PACKETSTORM	id:	142999
db:	PACKETSTORM	id:	143001
db:	PACKETSTORM	id:	143225
db:	PACKETSTORM	id:	143033
db:	PACKETSTORM	id:	143096
db:	PACKETSTORM	id:	143196
db:	PACKETSTORM	id:	143264
db:	CNNVD	id:	CNNVD-201706-808
db:	NVD	id:	CVE-2017-1000366

LAST UPDATE DATE

2025-01-03T20:59:05.845000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-100094	date:	2020-10-15T00:00:00
db:	BID	id:	99127	date:	2017-09-05T20:13:00
db:	CNNVD	id:	CNNVD-201706-808	date:	2019-09-06T00:00:00
db:	NVD	id:	CVE-2017-1000366	date:	2024-11-21T03:04:33.363

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-100094	date:	2017-06-19T00:00:00
db:	BID	id:	99127	date:	2017-06-19T00:00:00
db:	PACKETSTORM	id:	142999	date:	2017-06-19T23:54:30
db:	PACKETSTORM	id:	143001	date:	2017-06-19T23:54:48
db:	PACKETSTORM	id:	143225	date:	2017-07-03T18:49:28
db:	PACKETSTORM	id:	143033	date:	2017-06-20T22:26:23
db:	PACKETSTORM	id:	143096	date:	2017-06-21T22:27:41
db:	PACKETSTORM	id:	143196	date:	2017-06-30T06:41:55
db:	PACKETSTORM	id:	143264	date:	2017-07-06T20:26:00
db:	CNNVD	id:	CNNVD-201706-808	date:	2017-06-20T00:00:00
db:	NVD	id:	CVE-2017-1000366	date:	2017-06-19T16:29:00.310