SuSE Update For Glibc OpenSUSE-SU-2014:1115-1 (glibc) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

glibc was updated to fix three security issues: - A directory traversal in locale environment handling was fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137) - Disable gconv transliteration module loading which could be used for code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187) - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, bnc#894553, BZ #17325)

Affected

glibc on openSUSE 13.1, openSUSE 12.3

References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00009.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0475, CVE-2014-5119, CVE-2014-6040

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

SLES10: Security update for gecko-sdk and mozilla-xulrunner
SLES10: Security update for libvorbis
SLES10: Security update for Kerberos
SLES10: Security update for Java Struts
SLES10: Security update for liblcms

SuSE Update for glibc openSUSE-SU-2014:1115-1 (glibc)

Take action and discover your vulnerabilities