Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1619-1

Опубликовано: 19 июн. 2017
Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

  • CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357]

  • A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043]

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
glibc-2.22-61.3
glibc-32bit-2.22-61.3
glibc-devel-2.22-61.3
glibc-devel-32bit-2.22-61.3
glibc-i18ndata-2.22-61.3
glibc-locale-2.22-61.3
glibc-locale-32bit-2.22-61.3
nscd-2.22-61.3
SUSE Linux Enterprise Server 12 SP2
glibc-2.22-61.3
glibc-32bit-2.22-61.3
glibc-devel-2.22-61.3
glibc-devel-32bit-2.22-61.3
glibc-html-2.22-61.3
glibc-i18ndata-2.22-61.3
glibc-info-2.22-61.3
glibc-locale-2.22-61.3
glibc-locale-32bit-2.22-61.3
glibc-profile-2.22-61.3
glibc-profile-32bit-2.22-61.3
nscd-2.22-61.3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
glibc-2.22-61.3
glibc-devel-2.22-61.3
glibc-html-2.22-61.3
glibc-i18ndata-2.22-61.3
glibc-info-2.22-61.3
glibc-locale-2.22-61.3
glibc-profile-2.22-61.3
nscd-2.22-61.3
SUSE Linux Enterprise Server for SAP Applications 12 SP2
glibc-2.22-61.3
glibc-32bit-2.22-61.3
glibc-devel-2.22-61.3
glibc-devel-32bit-2.22-61.3
glibc-html-2.22-61.3
glibc-i18ndata-2.22-61.3
glibc-info-2.22-61.3
glibc-locale-2.22-61.3
glibc-locale-32bit-2.22-61.3
glibc-profile-2.22-61.3
glibc-profile-32bit-2.22-61.3
nscd-2.22-61.3
SUSE Linux Enterprise Software Development Kit 12 SP2
glibc-devel-static-2.22-61.3
glibc-info-2.22-61.3

Ссылки

Описание

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:glibc-2.22-61.3
SUSE Linux Enterprise Desktop 12 SP2:glibc-32bit-2.22-61.3
SUSE Linux Enterprise Desktop 12 SP2:glibc-devel-2.22-61.3
SUSE Linux Enterprise Desktop 12 SP2:glibc-devel-32bit-2.22-61.3
Ссылки