Information on source package glibc

Available versions

| Release | Version |
|---|---|
| jessie (security) | 2.19-18+deb8u10 |
| stretch | 2.24-11+deb9u4 |
| stretch (security) | 2.24-11+deb9u1 |
| buster | 2.28-10 |
| sid | 2.28-10 |

Open issues

| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-9169 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_n ... |
| CVE-2018-6551 | fixed | vulnerable (no DSA) | fixed | fixed | The malloc implementation in the GNU C Library (aka glibc or libc6), f ... |
| CVE-2018-6485 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An integer overflow in the implementation of the posix_memalign in mem ... |
| CVE-2018-11237 | vulnerable (no DSA) | fixed | fixed | fixed | An AVX-512-optimized implementation of the mempcpy function in the GNU ... |
| CVE-2018-11236 | vulnerable (no DSA) | fixed | fixed | fixed | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a ... |
| CVE-2018-1000001 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | In glibc 2.26 and earlier there is confusion in the usage of getcwd() ... |
| CVE-2017-16997 | vulnerable (no DSA) | fixed | fixed | fixed | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 ... |
| CVE-2017-15804 | vulnerable (no DSA) | fixed | fixed | fixed | The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... |
| CVE-2017-15671 | vulnerable (no DSA) | fixed | fixed | fixed | The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... |
| CVE-2017-15670 | vulnerable (no DSA) | fixed | fixed | fixed | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- ... |
| CVE-2017-12133 | vulnerable (no DSA) | fixed | fixed | fixed | Use-after-free vulnerability in the clntudp_call function in sunrpc/cl ... |
| CVE-2017-12132 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2017-1000409 | vulnerable (no DSA) | fixed | fixed | fixed | A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca ... |
| CVE-2017-1000408 | vulnerable (no DSA) | fixed | fixed | fixed | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ... |
| CVE-2016-10739 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinf ... |
| CVE-2016-10228 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and e ... |
| CVE-2015-5180 | vulnerable (no DSA) | fixed | fixed | fixed | res_query in libresolv in glibc before 2.25 allows remote attackers to ... |
| CVE-2014-9761 | vulnerable (no DSA) | fixed | fixed | fixed | Multiple stack-based buffer overflows in the GNU C Library (aka glibc ... |
| CVE-2009-5155 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp i ... |

Open unimportant issues

| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2019-9192 | vulnerable | vulnerable | vulnerable | vulnerable | ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, ... |
| CVE-2019-7309 | vulnerable | vulnerable | fixed | fixed | In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp fun ... |
| CVE-2019-6488 | vulnerable | vulnerable | fixed | fixed | The string component in the GNU C Library (aka glibc or libc6) through ... |
| CVE-2018-20796 | vulnerable | vulnerable | vulnerable | vulnerable | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ... |
| CVE-2015-8985 | vulnerable | vulnerable | fixed | fixed | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ... |
| CVE-2010-4756 | vulnerable | vulnerable | vulnerable | vulnerable | The glob implementation in the GNU C Library (aka glibc or libc6) allo ... |
| CVE-2010-4052 | vulnerable | vulnerable | vulnerable | vulnerable | Stack consumption vulnerability in the regcomp implementation in the G ... |
| CVE-2010-4051 | vulnerable | vulnerable | vulnerable | vulnerable | The regcomp implementation in the GNU C Library (aka glibc or libc6) t ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0552518-ADA4BA | eglibc: ldd arbitrary code execution |
| CVE-2018-19591 | In the GNU C Library (aka glibc or libc6) through 2.28, attempting to ... |
| CVE-2017-18269 | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 ... |
| CVE-2017-17426 | The malloc function in the GNU C Library (aka glibc or libc6) 2.26 cou ... |
| CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted LD_LIBRAR ... |
| CVE-2016-6323 | The makecontext function in the GNU C Library (aka glibc or libc6) bef ... |
| CVE-2016-5417 | Memory leak in the __res_vinit function in the IPv6 name server manage ... |
| CVE-2016-4429 | Stack-based buffer overflow in the clntudp_call function in sunrpc/cln ... |
| CVE-2016-3706 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ... |
| CVE-2016-3075 | Stack-based buffer overflow in the nss_dns implementation of the getne ... |
| CVE-2016-2856 | pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; ... |
| CVE-2016-1234 | Stack-based buffer overflow in the glob implementation in GNU C Librar ... |
| CVE-2015-8984 | The fnmatch function in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2015-8983 | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c ... |
| CVE-2015-8982 | Integer overflow in the strxfrm function in the GNU C Library (aka gli ... |
| CVE-2015-8779 | Stack-based buffer overflow in the catopen function in the GNU C Libra ... |
| CVE-2015-8778 | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 ... |
| CVE-2015-8777 | The process_envvars function in elf/rtld.c in the GNU C Library (aka g ... |
| CVE-2015-8776 | The strftime function in the GNU C Library (aka glibc or libc6) before ... |
| CVE-2015-7547 | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_ ... |
| CVE-2015-5277 | The get_contents function in nss_files/files-XXX.c in the Name Service ... |
| CVE-2015-5229 | The calloc function in the glibc package in Red Hat Enterprise Linux ( ... |
| CVE-2015-1781 | Buffer overflow in the gethostbyname_r and other unspecified NSS funct ... |
| CVE-2015-1473 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka gli ... |
| CVE-2015-1472 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka gli ... |
| CVE-2015-0235 | Heap-based buffer overflow in the __nss_hostname_digits_dots function ... |
| CVE-2014-9984 | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 doe ... |
| CVE-2014-9402 | The nss_dns implementation of getnetbyname in GNU C Library (aka glibc ... |
| CVE-2014-8121 | DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ... |
| CVE-2014-7817 | The wordexp function in GNU C Library (aka glibc) 2.21 does not enforc ... |
| CVE-2014-6040 | GNU C Library (aka glibc) before 2.20 allows context-dependent attacke ... |
| CVE-2014-5119 | Off-by-one error in the __gconv_translit_find function in gconv_trans. ... |
| CVE-2014-4043 | The posix_spawn_file_actions_addopen function in glibc before 2.20 doe ... |
| CVE-2014-0475 | Multiple directory traversal vulnerabilities in GNU C Library (aka gli ... |
| CVE-2013-7424 | The getaddrinfo function in glibc before 2.15, when compiled with libi ... |
| CVE-2013-7423 | The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ... |
| CVE-2013-4788 | The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6 ... |
| CVE-2013-4458 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ... |
| CVE-2013-4332 | Multiple integer overflows in malloc/malloc.c in the GNU C Library (ak ... |
| CVE-2013-4237 | sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2. ... |
| CVE-2013-2207 | pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not pr ... |
| CVE-2013-1914 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ... |
| CVE-2013-0242 | Buffer overflow in the extend_buffers function in the regular expressi ... |
| CVE-2012-6656 | iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows con ... |
| CVE-2012-4424 | Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ... |
| CVE-2012-4412 | Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ... |
| CVE-2012-3480 | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ... |
| CVE-2012-3406 | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ... |
| CVE-2012-3405 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ... |
| CVE-2012-3404 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ... |
| CVE-2011-5320 | scanf and related functions in glibc before 2.15 allow local users to ... |
| CVE-2011-2702 | Integer signedness error in Glibc before 2.13 and eglibc before 2.13, ... |
| CVE-2011-1659 | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ... |
| CVE-2011-1095 | locale/programs/locale.c in locale in the GNU C Library (aka glibc or ... |
| CVE-2011-1089 | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ... |
| CVE-2011-1071 | The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIB ... |
| CVE-2011-0536 | Multiple untrusted search path vulnerabilities in elf/dl-object.c in c ... |
| CVE-2010-3856 | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.1 ... |
| CVE-2010-3847 | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) throu ... |
| CVE-2010-0830 | Integer signedness error in the elf_get_dynamic_info function in elf/d ... |
| CVE-2010-0296 | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka gli ... |
| CVE-2010-0015 | nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 an ... |
| CVE-2009-5064 | ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and ... |
| CVE-2009-5029 | Integer overflow in the __tzfile_read function in glibc before 2.15 al ... |
| CVE-2009-4881 | Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ... |
| CVE-2009-4880 | Multiple integer overflows in the strfmon implementation in the GNU C ... |
| CVE-2009-0537 | Integer overflow in the fts_build function in fts.c in libc in (1) Ope ... |
| CVE-2008-1391 | Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ... |
| CVE-2008-1367 | gcc 4.3.x does not generate a cld instruction while compiling function ... |
| CVE-2008-0122 | Off-by-one error in the inet_network function in libbind in ISC BIND 9 ... |
| CVE-2007-4840 | PHP 5.2.4 and earlier allows context-dependent attackers to cause a de ... |
| CVE-2007-3508 | |
| CVE-2006-7254 | The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ... |
| CVE-2005-3590 | The getgrouplist function in the GNU C library (glibc) before version ... |
| CVE-2005-0403 | init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterp ... |
| CVE-2004-1453 | GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, an ... |
| CVE-2004-1382 | The glibcbug script in glibc 2.3.4 and earlier allows local users to o ... |
| CVE-2004-0968 | The catchsegv script in glibc 2.3.2 and earlier allows local users to ... |
| CVE-2003-0689 | The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ... |
| CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other ... |
| CVE-2002-1146 | The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ... |
| CVE-2002-0684 | Buffer overflow in DNS resolver functions that perform lookup of netwo ... |
| CVE-2002-0651 | Buffer overflow in the DNS resolver code used in libc, glibc, and libb ... |
| CVE-2002-0391 | Integer overflow in xdr_array function in RPC servers for operating sy ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-3887-1 | glibc - security update |
| DSA-3887-1 | glibc - security update |
| DSA-3481-1 | glibc - security update |
| DSA-2122-2 | glibc - privilege escalation |
| DSA-2122-1 | glibc - local privilege escalation |
| DSA-2058-1 | glibc - several vulnerabilities |
| DSA-1973-1 | glibc - information disclosure |
| DSA-1973-1 | glibc - information disclosure |
| DSA-636-1 | glibc - insecure temporary files |
| DSA-282 | glibc - integer overflow |
| DSA-149 | glibc - integer overflow |
