Описание
ELSA-2014-2023: glibc security and bug fix update (MODERATE)
[2.17-55.0.4.el7_0.3]
- Remove strstr and strcasestr implementations using sse4.2 instructions.
- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi)
[2.17-55.3]
- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118)
[2.17-55.2]
- ftell: seek to end only when there are unflushed bytes (#1170187).
[2.17-55.1]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
glibc
2.17-55.0.4.el7_0.3
glibc-common
2.17-55.0.4.el7_0.3
glibc-devel
2.17-55.0.4.el7_0.3
glibc-headers
2.17-55.0.4.el7_0.3
glibc-static
2.17-55.0.4.el7_0.3
glibc-utils
2.17-55.0.4.el7_0.3
nscd
2.17-55.0.4.el7_0.3
Связанные CVE
Связанные уязвимости
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforc ...
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".