Christoph Pleger

**Name of the Vulnerable Software and Affected Versions** glibc versions 2.7 and earlier glibc-64bit versions prior to the fixed version glibc-dceext-32bit versions prior to the fixed version glibc-profile-64bit versions prior to the fixed version glibc-obsolete versions prior to the fixed version glibc-locale-64bit versions prior to the fixed version glibc-dceext versions prior to the fixed version glibc-debuginfo versions prior to the fixed version glibc-devel-64bit versions prior to the fixed version libc6-sparcv9 versions prior to the fixed version **Description** The issue concerns multiple vulnerabilities in the glibc package of the SUSE Linux Enterprise and Debian GNU/Linux operating systems. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. Specifically, the `getpwnam` function in the GNU C Library (glibc) allows remote attackers to obtain the encrypted passwords of NIS accounts by calling this function. **Recommendations** For glibc version 2.7, update to a version later than 2.7. For glibc-64bit, update to the fixed version. For glibc-dceext-32bit, update to the fixed version. For glibc-profile-64bit, update to the fixed version. For glibc-obsolete, update to the fixed version. For glibc-locale-64bit, update to the fixed version. For glibc-dceext, update to the fixed version. For glibc-debuginfo, update to the fixed version. For glibc-devel-64bit, update to the fixed version. For libc6-sparcv9, update to the fixed version.