ELSA-2017-1480

Опубликовано: 19 июн. 2017

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2017-1480: glibc security update (IMPORTANT)

[2.12-1.209.0.3.2]

backport rh patch 1047983 from OL7, Orabug 25407655

[2.12-1.209.2]

Avoid large allocas in the dynamic linker (#1452711)

[2.12-1.209.1]

Fix thread cancellation issues for setmntent() and others (#1437618).

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

glibc

2.12-1.209.0.3.el6_9.2

glibc-common

2.12-1.209.0.3.el6_9.2

glibc-devel

2.12-1.209.0.3.el6_9.2

glibc-headers

2.12-1.209.0.3.el6_9.2

glibc-static

2.12-1.209.0.3.el6_9.2

glibc-utils

2.12-1.209.0.3.el6_9.2

nscd

2.12-1.209.0.3.el6_9.2

Oracle Linux i686

glibc

2.12-1.209.0.3.el6_9.2

glibc-common

2.12-1.209.0.3.el6_9.2

glibc-devel

2.12-1.209.0.3.el6_9.2

glibc-headers

2.12-1.209.0.3.el6_9.2

glibc-static

2.12-1.209.0.3.el6_9.2

glibc-utils

2.12-1.209.0.3.el6_9.2

nscd

2.12-1.209.0.3.el6_9.2

Связанные CVE

CVE-2017-1000366

Ссылки на источники

Связанные уязвимости

CVE-2017-1000366

CVSS3: 7.8

ubuntu

больше 8 лет назад

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.