RLSA-2021:1585

Published: May 18, 2021
Source: rocky
Rating: Moderate

Description

Moderate: glibc security, bug fix, and enhancement update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

  • glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)

  • glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (CVE-2019-9169)

  • glibc: assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326)

  • glibc: iconv program can hang when invoked with the -c option (CVE-2016-10228)

  • glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (CVE-2020-27618)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| glibc | i686 | 151.el8 | glibc-2.28-151.el8.i686.rpm |
| glibc | x86_64 | 151.el8 | glibc-2.28-151.el8.x86_64.rpm |
| glibc-all-langpacks | x86_64 | 151.el8 | glibc-all-langpacks-2.28-151.el8.x86_64.rpm |
| glibc-common | x86_64 | 151.el8 | glibc-common-2.28-151.el8.x86_64.rpm |
| glibc-devel | i686 | 151.el8 | glibc-devel-2.28-151.el8.i686.rpm |
| glibc-devel | x86_64 | 151.el8 | glibc-devel-2.28-151.el8.x86_64.rpm |
| glibc-headers | i686 | 151.el8 | glibc-headers-2.28-151.el8.i686.rpm |
| glibc-headers | x86_64 | 151.el8 | glibc-headers-2.28-151.el8.x86_64.rpm |
| glibc-langpack-aa | x86_64 | 151.el8 | glibc-langpack-aa-2.28-151.el8.x86_64.rpm |
| glibc-langpack-af | x86_64 | 151.el8 | glibc-langpack-af-2.28-151.el8.x86_64.rpm |

Related vulnerabilities

oracle-oval
more than 4 years ago

ELSA-2021-9344: glibc security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-9280: glibc security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-1585: glibc security, bug fix, and enhancement update (MODERATE)

suse-cvrf
more than 3 years ago

Security update for glibc

CVSS3: 5.9
ubuntu
almost 9 years ago

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.