Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2016:2573
HistoryNov 25, 2016 - 3:25 p.m.

glibc, nscd security update

2016-11-2515:25:38
CentOS Project
lists.centos.org
78

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.01 Low

EPSS

Percentile

83.6%

JSON

CentOS Errata and Security Advisory CESA-2016:2573

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

  • A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include “networks: dns” with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075)

This issue was discovered by Florian Weimer (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2016-November/029473.html

Affected packages:
glibc
glibc-common
glibc-devel
glibc-headers
glibc-static
glibc-utils
nscd

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2573

Related

nessus 24
openvas 14
cvelist 1
ibm 3
prion 1
ubuntucve 1
debiancve 1
amazon 1
nvd 1
f5 2
redhat 1
cve 1
archlinux 2
altlinux 1
fedora 2
oraclelinux 2
osv 1
debian 1
mageia 1
photon 2
gentoo 1
ubuntu 2
cloudfoundry 1
suse 2
nessus
nessus
CentOS 7 : glibc (CESA-2016:2573)
2016-11-28 00:00:00
EulerOS 2.0 SP1 : glibc (EulerOS-SA-2016-1073)
2017-05-01 00:00:00
Oracle Linux 7 : glibc (ELSA-2016-3638)
2023-09-07 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2016-1073)
2020-01-23 00:00:00
RedHat Update for glibc RHSA-2016:2573-02
2016-11-04 00:00:00
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1344)
2020-01-23 00:00:00
cvelist
cvelist
CVE-2016-3075
2016-06-01 20:00:00
ibm
ibm
Security Bulletin: A vulnerability in glibc affects PowerKVM
2018-06-18 01:34:56
Security Bulletin: Vulnerability in glibc affects Power Hardware Management Console (CVE-2016-3075)
2021-09-23 01:31:39
Security Bulletin: Vulnerability in GNU C Library (glibc) affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2016-3075)
2019-01-31 02:25:02
prion
prion
Stack overflow
2016-06-01 20:59:00
ubuntucve
ubuntucve
CVE-2016-3075
2016-03-31 00:00:00
debiancve
debiancve
CVE-2016-3075
2016-06-01 20:59:03
amazon
amazon
Low: glibc
2017-02-06 18:00:00
nvd
nvd
CVE-2016-3075
2016-06-01 20:59:03
f5
f5
SOL15439022 - glibc vulnerability CVE-2016-3075
2016-05-23 00:00:00
K15439022 : glibc vulnerability CVE-2016-3075
2016-05-23 00:00:00
redhat
redhat
(RHSA-2016:2573) Low: glibc security, bug fix, and enhancement update
2016-11-03 06:07:14
cve
cve
CVE-2016-3075
2016-06-01 20:59:03
archlinux
archlinux
glibc: denial of service
2016-08-08 00:00:00
lib32-glibc: denial of service
2016-08-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package glibc version 6:2.23-alt2
2016-05-10 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: glibc-2.23.1-7.fc24
2016-05-14 23:42:24
[SECURITY] Fedora 23 Update: glibc-2.22-15.fc23
2016-05-10 18:01:37
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2016-11-09 00:00:00
glibc security update
2016-11-09 00:00:00
osv
osv
eglibc - security update
2016-05-30 00:00:00
debian
debian
[SECURITY] [DLA 494-1] eglibc security update
2016-05-30 04:24:49
mageia
mageia
Updated glibc packages fix security vulnerabilities
2016-05-24 01:00:58
photon
photon
Important Photon OS Security Update - PHSA-2017-0037
2017-04-24 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0013
2017-04-24 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2017-02-19 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2016-05-25 00:00:00
GNU C Library regression
2016-05-26 00:00:00
cloudfoundry
cloudfoundry
USN-2985-2 GNU C Library regression | Cloud Foundry
2016-06-13 00:00:00
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.01 Low

EPSS

Percentile

83.6%

JSON
Related for CESA-2016:2573
nessus24openvas14cvelist1ibm3prion1ubuntucve1debiancve1amazon1nvd1f52redhat1cve1archlinux2altlinux1fedora2oraclelinux2osv1debian1mageia1photon2gentoo1ubuntu2cloudfoundry1suse2