Описание
Security update for glibc
This update for glibc fixes the following issues:
-
CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357]
-
The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690]
-
A defect in glibc's regression test suite has been remedied to avoid false positives. [bsc#987216]
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12
Ссылки
- Link for SUSE-SU-2017:1611-1
- E-Mail link for SUSE-SU-2017:1611-1
- SUSE Security Ratings
- SUSE Bug 1038690
- SUSE Bug 1039357
- SUSE Bug 987216
- SUSE CVE CVE-2017-1000366 page
Описание
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
Затронутые продукты
Ссылки
- CVE-2017-1000366
- SUSE Bug 1037551
- SUSE Bug 1039357
- SUSE Bug 1063847
- SUSE Bug 1071319
- SUSE Bug 1123874