The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux | Redhat | 6.7 (including) | 6.7 (including) |
| Enterprise_linux | Redhat | 7.2 (including) | 7.2 (including) |
| Enterprise_linux_desktop | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_hpc_node | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_hpc_node_eus | Redhat | 7.2 (including) | 7.2 (including) |
| Enterprise_linux_server | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server_aus | Redhat | 7.2 (including) | 7.2 (including) |
| Enterprise_linux_server_eus | Redhat | 7.2 (including) | 7.2 (including) |
| Enterprise_linux_workstation | Redhat | 7.0 (including) | 7.0 (including) |
| Red Hat Enterprise Linux 6 | RedHat | glibc-0:2.12-1.166.el6_7.1 | * |
| Red Hat Enterprise Linux 7 | RedHat | glibc-0:2.17-106.el7_2.4 | * |
References
- http://rhn.redhat.com/errata/RHSA-2016-0176.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/84172
- https://bugzilla.redhat.com/show_bug.cgi?id=1246713
- https://bugzilla.redhat.com/show_bug.cgi?id=1256285
- https://bugzilla.redhat.com/show_bug.cgi?id=1293976
- https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150
- http://rhn.redhat.com/errata/RHSA-2016-0176.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/84172
- https://bugzilla.redhat.com/show_bug.cgi?id=1246713
- https://bugzilla.redhat.com/show_bug.cgi?id=1256285
- https://bugzilla.redhat.com/show_bug.cgi?id=1293976
- https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150