ELSA-2017-1479

Опубликовано: 06 июл. 2017

Источник: oracle-oval

Платформа: Oracle Linux 5

Описание

ELSA-2017-1479: glibc security update (IMPORTANT)

[2.5-123.0.2.el5_11.3]

Mitigation for CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations.

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

glibc

2.5-123.0.2.el5_11.3

glibc-common

2.5-123.0.2.el5_11.3

glibc-devel

2.5-123.0.2.el5_11.3

glibc-headers

2.5-123.0.2.el5_11.3

glibc-utils

2.5-123.0.2.el5_11.3

nscd

2.5-123.0.2.el5_11.3

Oracle Linux x86_64

glibc

2.5-123.0.2.el5_11.3

glibc-common

2.5-123.0.2.el5_11.3

glibc-devel

2.5-123.0.2.el5_11.3

glibc-headers

2.5-123.0.2.el5_11.3

glibc-utils

2.5-123.0.2.el5_11.3

nscd

2.5-123.0.2.el5_11.3

Oracle Linux i386

glibc

2.5-123.0.2.el5_11.3

glibc-common

2.5-123.0.2.el5_11.3

glibc-devel

2.5-123.0.2.el5_11.3

glibc-headers

2.5-123.0.2.el5_11.3

glibc-utils

2.5-123.0.2.el5_11.3

nscd

2.5-123.0.2.el5_11.3

Связанные CVE

CVE-2017-1000366

Ссылки на источники

Связанные уязвимости

CVE-2017-1000366

CVSS3: 7.8

ubuntu

больше 8 лет назад

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.