Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31404
HistoryNov 30, 2014 - 12:00 a.m.

[ MDVSA-2014:232 ] glibc

2014-11-3000:00:00
vulners.com
18
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:232
http://www.mandriva.com/en/support/security/

Package : glibc
Date : November 27, 2014
Affected: Business Server 1.0

Problem Description:

Updated glibc package fixes security vulnerability:

The function wordexp\(\) fails to properly handle the WRDE_NOCMD
flag when processing arithmetic inputs in the form of $((… ``))
where … can be anything valid. The backticks in the arithmetic
epxression are evaluated by in a shell even if WRDE_NOCMD forbade
command substitution. This allows an attacker to attempt to pass
dangerous commands via constructs of the above form, and bypass the
WRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817
http://advisories.mageia.org/MGASA-2014-0496.html

Updated Packages:

Mandriva Business Server 1/X86_64:
87ae1aa0260d5f271b8a49df1ca96c92 mbs1/x86_64/glibc-2.14.1-12.10.mbs1.x86_64.rpm
fbdc85e27c41425f5f0faa17226e2fa4 mbs1/x86_64/glibc-devel-2.14.1-12.10.mbs1.x86_64.rpm
729c49b58fbb5ba6fb3ce703ec8d9353 mbs1/x86_64/glibc-doc-2.14.1-12.10.mbs1.noarch.rpm
a14e93fbabc854d6d913c20c33a7b060 mbs1/x86_64/glibc-doc-pdf-2.14.1-12.10.mbs1.noarch.rpm
b3f4903a52588c6b391ed234cacfc4fd mbs1/x86_64/glibc-i18ndata-2.14.1-12.10.mbs1.x86_64.rpm
1363d9159b189daaa0b4933e9d645480 mbs1/x86_64/glibc-profile-2.14.1-12.10.mbs1.x86_64.rpm
7a2f3ec56db9f916897338ce764b65ed mbs1/x86_64/glibc-static-devel-2.14.1-12.10.mbs1.x86_64.rpm
7941468822129b1034c7284a49539864 mbs1/x86_64/glibc-utils-2.14.1-12.10.mbs1.x86_64.rpm
dc952727199d879d209e102c2b938c3b mbs1/x86_64/nscd-2.14.1-12.10.mbs1.x86_64.rpm
5e1ca0b6bd6d1b095459d6e9de32e663 mbs1/SRPMS/glibc-2.14.1-12.10.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUdvdRmqjQ0CJFipgRArw8AJwNC712ClfzCbT7gqXDVCtml2JSQwCgzLFa
rkKj1OpuF/CX1tRhPAYXRHw=
=8D8z
-----END PGP SIGNATURE-----

Related

nessus 25
openvas 20
cve 1
debiancve 1
ubuntucve 1
mageia 1
centos 2
f5 2
archlinux 1
securityvulns 1
prion 1
redhat 2
ibm 11
oraclelinux 4
amazon 1
osv 2
fedora 2
debian 2
ubuntu 1
gentoo 1
oracle 2
nessus
nessus
CentOS 7 : glibc (CESA-2014:2023)
2014-12-22 00:00:00
Scientific Linux Security Update : glibc on SL7.x x86_64 (20141218)
2014-12-22 00:00:00
RHEL 7 : glibc (RHSA-2014:2023)
2014-12-19 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0496)
2022-01-28 00:00:00
F5 BIG-IP - GNU C Library (glibc) vulnerability CVE-2014-7817
2015-09-19 00:00:00
CentOS Update for glibc CESA-2015:0016 centos6
2015-01-23 00:00:00
cve
cve
CVE-2014-7817
2014-11-24 15:59:00
debiancve
debiancve
CVE-2014-7817
2014-11-24 15:59:00
ubuntucve
ubuntucve
CVE-2014-7817
2014-11-24 00:00:00
mageia
mageia
Updated glibc packages fix CVE-2014-7817
2014-11-26 20:29:06
centos
centos
glibc, nscd security update
2014-12-19 12:43:11
glibc, nscd security update
2015-01-07 22:45:41
f5
f5
K16010 : GNU C Library (glibc) vulnerability CVE-2014-7817
2015-09-17 00:00:00
SOL16010 - GNU C Library (glibc) vulnerability CVE-2014-7817
2015-01-21 00:00:00
archlinux
archlinux
glibc: command execution
2014-11-21 00:00:00
securityvulns
securityvulns
GNU glibc code execution
2014-11-30 00:00:00
prion
prion
Input validation
2014-11-24 15:59:00
redhat
redhat
(RHSA-2014:2023) Moderate: glibc security and bug fix update
2014-12-18 00:00:00
(RHSA-2015:0016) Moderate: glibc security and bug fix update
2015-01-07 00:00:00
ibm
ibm
Security Bulletin: Open Source GNU glibc vulnerabilities on IBM SONAS (CVE-2014-7817, CVE-2014-9087)
2018-06-18 00:09:22
Security Bulletin: Open Source GNU glibc vulnerabilities on IBM Storwize V7000 Unified (CVE-2014-7817, CVE-2014-9087)
2018-06-18 00:09:10
Security Bulletin: GNU C Library (glibc) Vulnerability Affects Power Hardware Management Console (CVE-2015-0235, CVE-2014-6040, CVE-2014-7817)
2021-09-23 01:31:39
oraclelinux
oraclelinux
glibc security and bug fix update
2015-01-07 00:00:00
glibc security and bug fix update
2014-12-18 00:00:00
glibc security update
2015-01-27 00:00:00
amazon
amazon
Medium: glibc
2015-01-08 12:38:00
osv
osv
eglibc - security update
2014-11-29 00:00:00
eglibc - security update
2015-01-27 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: glibc-2.20-8.fc21
2015-03-04 10:27:01
[SECURITY] Fedora 20 Update: glibc-2.18-19.fc20
2015-03-04 10:25:31
debian
debian
[SECURITY] [DLA 97-1] eglibc security update
2014-11-29 18:51:24
[SECURITY] [DSA 3142-1] eglibc security update
2015-01-27 15:39:01
ubuntu
ubuntu
GNU C Library vulnerabilities
2014-12-03 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
JSON
Related for SECURITYVULNS:DOC:31404
nessus25openvas20cve1debiancve1ubuntucve1mageia1centos2f52archlinux1securityvulns1prion1redhat2ibm11oraclelinux4amazon1osv2fedora2debian2ubuntu1gentoo1oracle2