Описание
ELSA-2018-3092: glibc security, bug fix, and enhancement update (MODERATE)
[2.17-260.0.9]
- Regenerate plural.c
- OraBug 28806294.
- Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
[2.17-260.0.7]
- intl: Port to Bison 3.0
- Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9
- OraBug 28806294.
- Reviewed-by: Patrick McGehearty patrick.mcgehearty@oracle.com
[2.17-260.0.5]
- Fix dbl-64/wordsize-64 remquo (bug 17569).
- Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae
- OraBug 19570749.
- Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
[2.17-260.0.3]
- libio: Disable vtable validation in case of interposition.
- Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0.
- OraBug 28641867.
- Reviewed-by: Egeyar Bagcioglu egeyar.bagcioglu@oracle.com
[2.17-260.0.1]
-
Include-linux-falloc.h-in-bits-fcntl-linux.h
-
Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE
-
OraBug 28483336
-
Add MAP_SHARED_VALIDATE and MAP_SYNC flags to
-
sysdeps/unix/sysv/linux/x86/bits/mman.h
-
OraBug 28389572
[2.17-260.0.1]
- Update bits/siginfo.h with Linux hwpoison SIGBUS changes.
- Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9).
- It also adds si_trapno field for alpha.
- New values: BUS_MCEERR_AR, BUS_MCEERR_AO
- OraBug 28124569
[2.17-260]
- Update glibc-rh1560641.patch to initialize pad outside the conditional eliminating an uninitialized byte warning from valgrind. (#1560641)
[2.17-259]
- Correctly set errno when send() fails on i686 (#1550080)
[2.17-258]
- Fix dynamic string token substitution in DT_RPATH etc. (#1447808, #1540480)
- Additional robust mutex fixes (#1401665)
[2.17-257]
- Improve process-shared robust mutex support (#1401665)
[2.17-256]
- CVE-2017-16997: Correctly handle DT_RPATH (#1540480).
- Correctly process '' element in DT_RPATH or DT_NEEDED (#1447808).
[2.17-255]
- Make transition from legacy nss_db easier (#1408964)
[2.17-254]
- nptl: Avoid expected SIGALRM in most tests (#1372304)
[2.17-253]
- Add support for el_GR@euro locale. Update el_GR, ur_IN and wal_ET locales. (#1448107)
[2.17-252]
- Do not scale NPTL tests with available number of CPUs (#1526193)
[2.17-251]
- Correctly set errno when send() fails on s390 and s390x (#1550080)
[2.17-250]
- Initialize pad field in sem_open. (#1560641)
[2.17-249]
- getlogin_r: Return early when process has no associated login UID (#1563046)
[2.17-248]
- Return static array, not local array from transliteration function (#1505500)
[2.17-247]
- Re-write multi-statement strftime_l macros using better style (#1505477)
[2.17-246]
- Fix pthread_barrier_init typo (#1505451)
[2.17-245]
- CVE-2018-11237: AVX-512 mempcpy for KNL buffer overflow (#1579809)
[2.17-244]
- resolv: Fix crash after memory allocation failure (#1579727)
[2.17-243]
- CVE-2018-11236: Path length overflow in realpath (#1579742)
[2.17-242]
- S390: fix sys/ptrace.h to make it includible again after asm/ptrace.h (#1457479)
[2.17-241]
- x86: setcontext, makecontext alignment issues (#1531168)
[2.17-240]
- Remove abort() warning in manual (#1577333)
[2.17-239]
- Add Open File Description (OFL) locks. (#1461231)
[2.17-238]
- Properly handle more invalid --install-langs arguments. (#1349982)
[2.17-237]
- Add O_TMPFILE macro (#1471405)
- Update syscall names list to kernel 4.16 (#1563747)
- Include <linux/falloc.h> in bits/fcntl-linux.h. (#1476120)
- Fix netgroup cache keys. (#1505647)
- Update ptrace constants. (#1457479)
[2.17-236]
- Fix strfmon_l so that it groups digits (#1307241)
[2.17-235]
- CVE-2018-6485: Integer overflow in posix_memalign in memalign (#1548002)
[2.17-234]
- Adjust spec file for compiler warnings cleanup (#1505492)
- Drop ports add-on
- Do not attempt to disable warnings-as-errors on s390x
[2.17-233]
- Compiler warnings cleanup, phase 7 (#1505492)
[2.17-232]
- Compiler warnings cleanup, phase 6 (#1505492)
[2.17-231]
- Compiler warnings cleanup, phase 5 (#1505492)
[2.17-230]
- Compiler warnings cleanup, phase 4 (#1505492)
[2.17-229]
- Compiler warnings cleanup, phase 3 (#1505492)
[2.17-228]
- Compiler warnings cleanup, phase 2 (#1505492)
[2.17-227]
- Fix downstream-specific compiler warnings (#1505492)
[2.17-226]
- rtkaio: Do not define IN_MODULE (#1349967)
[2.17-225]
- Fix K&R function definitions in libio (#1566623)
[2.17-224]
- Fix type errors in string tests (#1564638)
[2.17-223]
- Make nscd build reproducible for verification (#1505492)
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
glibc
2.17-260.0.9.el7
glibc-common
2.17-260.0.9.el7
glibc-devel
2.17-260.0.9.el7
glibc-headers
2.17-260.0.9.el7
glibc-static
2.17-260.0.9.el7
glibc-utils
2.17-260.0.9.el7
nscd
2.17-260.0.9.el7
Связанные уязвимости
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 ...
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.