Environment
SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)
SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)
SUSE Linux Enterprise Server 11 Service Pack 1 (SLES 11 SP1)
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)
SUSE Linux Enterprise Server 11 Service Pack 1 (SLES 11 SP1)
SUSE Linux Enterprise Server 11
Situation
Novell has been made aware of a vulnerability affecting the SUSE Linux Enterprise Server (SLES) operating system:
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function
The following Novell products are affected by this vulnerability because they either run on, or include the SUSE Linux operating system and have dependencies on glibc:
Novell Filr
Novell GroupWise
Novell iPrint Appliance
Novell Messenger
Novell Open Enterprise Server
Novell Service Desk
Novell Vibe
Novell ZENworks
Resolution
Updates for products that have current support are available via SLES update channels.
See: https://www.suse.com/support/kb/doc.php?id=7016113
Novell Filr
Patch is available via Novell Patch Finder under respective Filr versions:
Filr 1.1 - Security Update 3
Filr 1.0.1 - Security Update 5
Novell GroupWise
Apply SUSE patch. No need to patch GroupWise.
Novell iPrint Appliance
iPrint Appliance 1.1 Security Update 3:
https://download.novell.com/Download?buildid=RyrISxl25cI~
iPrint Appliance 1.0.1 Security Update 4:
https://download.novell.com/Download?buildid=G84Y8dbzWwU~
Novell MessengerApply SUSE patch. No need to patch Messenger.
Novell Open Enterprise Server
OES 11SP2: Apply SUSE patch
OES 11SP1: Patch forthcoming
Novell Service Desk
Patch forthcoming
Novell Vibe
Apply SUSE patch. No need to patch Vibe.
Novell ZENworks Appliance
See https://support.microfocus.com/kb/doc.php?id=7016147