Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2022:14923-1 Important: glibc Buffer Overflow Fix

suse
Calendar Grey March 21, 2022
Dist Suse Esm H88
SUSE Security Release: Critical glibc update addresses five major vulnerabilities, boosting system reliability.
An update that fixes 5 vulnerabilities is now available

Summary

This update for glibc fixes the following issues: - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768, BZ #22542) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770, BZ #28768) - CVE-2021-3999: Fixed in getcwd to set errno to ERANGE for size == 1 (bsc#1194640, BZ #28769) - CVE-2015-8983: Fixed _IO_wstr_overflow integer overflow (bsc#1193615, BZ #17269) - CVE-2015-8982: Fixed memory handling in strxfrm_l (bsc#1193616, BZ #16009) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-glibc-14923=1

Topics%20covered

Topics Covered

security advisory buffer overflow critical patch important glibc SUSE Linux

References

#1193615 #1193616 #1194640 #1194768 #1194770

Cross- CVE-2015-8982 CVE-2015-8983 CVE-2021-3999

CVE-2022-23218 CVE-2022-23219

CVSS scores:

CVE-2015-8982 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2015-8982 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2015-8983 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CVE-2021-3999 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23218 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVE-2022-23219 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

SUSE Linux Enterprise Debuginfo 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Server 11-SP4-LTSS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:14923-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow critical patch important glibc SUSE Linux

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here