Security update for glibc SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0471-1 Final 1 1 2016-02-16T15:19:53Z current 2016-02-16T15:19:53Z 2016-02-16T15:19:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#955647: Resource leak in resolver - bsc#956716: Don't do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2016-271,SUSE-SLE-SDK-12-SP1-2016-271,SUSE-SLE-SERVER-12-SP1-2016-271 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1/ Link for SUSE-SU-2016:0471-1 https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html E-Mail link for SUSE-SU-2016:0471-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/950944 SUSE Bug 950944 https://bugzilla.suse.com/955647 SUSE Bug 955647 https://bugzilla.suse.com/956716 SUSE Bug 956716 https://bugzilla.suse.com/958315 SUSE Bug 958315 https://bugzilla.suse.com/961721 SUSE Bug 961721 https://bugzilla.suse.com/962736 SUSE Bug 962736 https://bugzilla.suse.com/962737 SUSE Bug 962737 https://bugzilla.suse.com/962738 SUSE Bug 962738 https://bugzilla.suse.com/962739 SUSE Bug 962739 https://www.suse.com/security/cve/CVE-2014-9761/ SUSE CVE CVE-2014-9761 page https://www.suse.com/security/cve/CVE-2015-7547/ SUSE CVE CVE-2015-7547 page https://www.suse.com/security/cve/CVE-2015-8776/ SUSE CVE CVE-2015-8776 page https://www.suse.com/security/cve/CVE-2015-8777/ SUSE CVE CVE-2015-8777 page https://www.suse.com/security/cve/CVE-2015-8778/ SUSE CVE CVE-2015-8778 page https://www.suse.com/security/cve/CVE-2015-8779/ SUSE CVE CVE-2015-8779 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 glibc-2.19-35.1 glibc-32bit-2.19-35.1 glibc-devel-2.19-35.1 glibc-devel-32bit-2.19-35.1 glibc-i18ndata-2.19-35.1 glibc-locale-2.19-35.1 glibc-locale-32bit-2.19-35.1 nscd-2.19-35.1 glibc-devel-static-2.19-35.1 glibc-info-2.19-35.1 glibc-html-2.19-35.1 glibc-profile-2.19-35.1 glibc-profile-32bit-2.19-35.1 glibc-2.19-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 glibc-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 glibc-devel-2.19-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 glibc-devel-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 glibc-i18ndata-2.19-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 glibc-locale-2.19-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 glibc-locale-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 nscd-2.19-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 glibc-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-devel-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-devel-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-html-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-i18ndata-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-info-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-locale-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-locale-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-profile-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-profile-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 nscd-2.19-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 glibc-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-devel-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-devel-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-html-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-i18ndata-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-info-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-locale-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-locale-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-profile-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-profile-32bit-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 nscd-2.19-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 glibc-devel-static-2.19-35.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 glibc-info-2.19-35.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. CVE-2014-9761 SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-devel-static-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-info-2.19-35.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1/ https://www.suse.com/security/cve/CVE-2014-9761.html CVE-2014-9761 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/962738 SUSE Bug 962738 https://bugzilla.suse.com/986086 SUSE Bug 986086 Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. CVE-2015-7547 SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-devel-static-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-info-2.19-35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1/ https://www.suse.com/security/cve/CVE-2015-7547.html CVE-2015-7547 https://bugzilla.suse.com/1077097 SUSE Bug 1077097 https://bugzilla.suse.com/847227 SUSE Bug 847227 https://bugzilla.suse.com/961721 SUSE Bug 961721 https://bugzilla.suse.com/967023 SUSE Bug 967023 https://bugzilla.suse.com/967061 SUSE Bug 967061 https://bugzilla.suse.com/967072 SUSE Bug 967072 https://bugzilla.suse.com/967496 SUSE Bug 967496 https://bugzilla.suse.com/969216 SUSE Bug 969216 https://bugzilla.suse.com/969241 SUSE Bug 969241 https://bugzilla.suse.com/969591 SUSE Bug 969591 https://bugzilla.suse.com/986086 SUSE Bug 986086 The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. CVE-2015-8776 SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-devel-static-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-info-2.19-35.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1/ https://www.suse.com/security/cve/CVE-2015-8776.html CVE-2015-8776 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/962736 SUSE Bug 962736 https://bugzilla.suse.com/986086 SUSE Bug 986086 The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. CVE-2015-8777 SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-devel-static-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-info-2.19-35.1 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1/ https://www.suse.com/security/cve/CVE-2015-8777.html CVE-2015-8777 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/950944 SUSE Bug 950944 https://bugzilla.suse.com/962735 SUSE Bug 962735 Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. CVE-2015-8778 SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-devel-static-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-info-2.19-35.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1/ https://www.suse.com/security/cve/CVE-2015-8778.html CVE-2015-8778 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/962737 SUSE Bug 962737 https://bugzilla.suse.com/986086 SUSE Bug 986086 Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. CVE-2015-8779 SUSE Linux Enterprise Desktop 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Desktop 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-devel-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-html-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-i18ndata-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-info-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-locale-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:glibc-profile-32bit-2.19-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:nscd-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-devel-static-2.19-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:glibc-info-2.19-35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160471-1/ https://www.suse.com/security/cve/CVE-2015-8779.html CVE-2015-8779 https://bugzilla.suse.com/1123874 SUSE Bug 1123874 https://bugzilla.suse.com/962739 SUSE Bug 962739 https://bugzilla.suse.com/965453 SUSE Bug 965453 https://bugzilla.suse.com/986086 SUSE Bug 986086