Описание
Security update for glibc
This update for glibc fixes the following issues:
- CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357]
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
glibc-2.11.3-17.109.1
glibc-devel-2.11.3-17.109.1
glibc-html-2.11.3-17.109.1
glibc-i18ndata-2.11.3-17.109.1
glibc-info-2.11.3-17.109.1
glibc-locale-2.11.3-17.109.1
glibc-profile-2.11.3-17.109.1
nscd-2.11.3-17.109.1
SUSE Linux Enterprise Server 11 SP3-LTSS
glibc-2.11.3-17.109.1
glibc-32bit-2.11.3-17.109.1
glibc-devel-2.11.3-17.109.1
glibc-devel-32bit-2.11.3-17.109.1
glibc-html-2.11.3-17.109.1
glibc-i18ndata-2.11.3-17.109.1
glibc-info-2.11.3-17.109.1
glibc-locale-2.11.3-17.109.1
glibc-locale-32bit-2.11.3-17.109.1
glibc-profile-2.11.3-17.109.1
glibc-profile-32bit-2.11.3-17.109.1
nscd-2.11.3-17.109.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
glibc-2.11.3-17.109.1
glibc-32bit-2.11.3-17.109.1
glibc-devel-2.11.3-17.109.1
glibc-devel-32bit-2.11.3-17.109.1
glibc-html-2.11.3-17.109.1
glibc-i18ndata-2.11.3-17.109.1
glibc-info-2.11.3-17.109.1
glibc-locale-2.11.3-17.109.1
glibc-locale-32bit-2.11.3-17.109.1
glibc-profile-2.11.3-17.109.1
glibc-profile-32bit-2.11.3-17.109.1
nscd-2.11.3-17.109.1
SUSE Linux Enterprise Server 11 SP4
glibc-2.11.3-17.109.1
glibc-32bit-2.11.3-17.109.1
glibc-devel-2.11.3-17.109.1
glibc-devel-32bit-2.11.3-17.109.1
glibc-html-2.11.3-17.109.1
glibc-i18ndata-2.11.3-17.109.1
glibc-info-2.11.3-17.109.1
glibc-locale-2.11.3-17.109.1
glibc-locale-32bit-2.11.3-17.109.1
glibc-locale-x86-2.11.3-17.109.1
glibc-profile-2.11.3-17.109.1
glibc-profile-32bit-2.11.3-17.109.1
glibc-profile-x86-2.11.3-17.109.1
glibc-x86-2.11.3-17.109.1
nscd-2.11.3-17.109.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
glibc-2.11.3-17.109.1
glibc-32bit-2.11.3-17.109.1
glibc-devel-2.11.3-17.109.1
glibc-devel-32bit-2.11.3-17.109.1
glibc-html-2.11.3-17.109.1
glibc-i18ndata-2.11.3-17.109.1
glibc-info-2.11.3-17.109.1
glibc-locale-2.11.3-17.109.1
glibc-locale-32bit-2.11.3-17.109.1
glibc-locale-x86-2.11.3-17.109.1
glibc-profile-2.11.3-17.109.1
glibc-profile-32bit-2.11.3-17.109.1
glibc-profile-x86-2.11.3-17.109.1
glibc-x86-2.11.3-17.109.1
nscd-2.11.3-17.109.1
SUSE Linux Enterprise Software Development Kit 11 SP4
glibc-html-2.11.3-17.109.1
glibc-info-2.11.3-17.109.1
Ссылки
- Link for SUSE-SU-2017:1621-1
- E-Mail link for SUSE-SU-2017:1621-1
- SUSE Security Ratings
- SUSE Bug 1039357
- SUSE CVE CVE-2017-1000366 page
Описание
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-2.11.3-17.109.1
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-devel-2.11.3-17.109.1
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-html-2.11.3-17.109.1
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-i18ndata-2.11.3-17.109.1
Ссылки
- CVE-2017-1000366
- SUSE Bug 1037551
- SUSE Bug 1039357
- SUSE Bug 1063847
- SUSE Bug 1071319
- SUSE Bug 1123874