Описание
ELSA-2020-3861: glibc security, bug fix, and enhancement update (LOW)
[2.17-317.0.1]
- Merge RH el7 u8 patches with Oracle patches Review-exception: Simple merge
- Adding Mike Fabians C.utf-8 patch (C.utf-8 is a unicode-aware version of the C locale) Orabug 29784239. Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
- Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch
- Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile Both should test if ((stream->_flags & _IO_USER_LOCK) == 0) _IO_lock_lock (*stream->_lock); OraBug 28481550. Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
- Modify glibc-ora28849085.patch so it works with RHCK kernels. Orabug 28849085.
- Reviewed-by: Egeyar Bagcioglu egeyar.bagcioglu@oracle.com
- Use NLM_F_SKIP_STATS in uek2 and RTEXT_FILTER_SKIP_STATS in uek4 in getifaddrs.
- Orabug 28849085
- Reviewed-by: Patrick McGehearty patrick.mcgehearty@oracle.com
- Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984.
- Orabug 25558067.
- Reviewed-by: Egeyar Bagcioglu egeyar.bagcioglu@oracle.com
- Regenerate plural.c
- OraBug 28806294.
- Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
- intl: Port to Bison 3.0
- Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9
- OraBug 28806294.
- Reviewed-by: Patrick McGehearty patrick.mcgehearty@oracle.com
- Fix dbl-64/wordsize-64 remquo (bug 17569).
- Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae
- OraBug 19570749.
- Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
- libio: Disable vtable validation in case of interposition.
- Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0.
- OraBug 28641867.
- Reviewed-by: Egeyar Bagcioglu egeyar.bagcioglu@oracle.com
- Include-linux-falloc.h-in-bits-fcntl-linux.h
- Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE
- OraBug 28483336
- Add MAP_SHARED_VALIDATE and MAP_SYNC flags to
- sysdeps/unix/sysv/linux/x86/bits/mman.h
- OraBug 28389572
- Update bits/siginfo.h with Linux hwpoison SIGBUS changes.
- Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9).
- It also adds si_trapno field for alpha.
- New values: BUS_MCEERR_AR, BUS_MCEERR_AO
- OraBug 28124569
[2.17-317]
- Do not clobber errno in nss_compat (#1834816)
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
glibc
2.17-317.0.1.el7
glibc-common
2.17-317.0.1.el7
glibc-devel
2.17-317.0.1.el7
glibc-headers
2.17-317.0.1.el7
glibc-static
2.17-317.0.1.el7
glibc-utils
2.17-317.0.1.el7
nscd
2.17-317.0.1.el7
Связанные CVE
Связанные уязвимости
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ...