Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:0076-1

Опубликовано: 12 янв. 2018
Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

  • A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293]

  • A buffer manipulation vulnerability in nscd has been fixed that could possibly have lead to an nscd daemon crash or code execution as the user running nscd. [CVE-2014-9984, bsc#1043984]

Список пакетов

SUSE Linux Enterprise Server 12-LTSS
glibc-2.19-22.24.5
glibc-32bit-2.19-22.24.5
glibc-devel-2.19-22.24.5
glibc-devel-32bit-2.19-22.24.5
glibc-html-2.19-22.24.5
glibc-i18ndata-2.19-22.24.5
glibc-info-2.19-22.24.5
glibc-locale-2.19-22.24.5
glibc-locale-32bit-2.19-22.24.5
glibc-profile-2.19-22.24.5
glibc-profile-32bit-2.19-22.24.5
nscd-2.19-22.24.5

Ссылки

Описание

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:glibc-2.19-22.24.5
SUSE Linux Enterprise Server 12-LTSS:glibc-32bit-2.19-22.24.5
SUSE Linux Enterprise Server 12-LTSS:glibc-devel-2.19-22.24.5
SUSE Linux Enterprise Server 12-LTSS:glibc-devel-32bit-2.19-22.24.5
Ссылки

Описание

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:glibc-2.19-22.24.5
SUSE Linux Enterprise Server 12-LTSS:glibc-32bit-2.19-22.24.5
SUSE Linux Enterprise Server 12-LTSS:glibc-devel-2.19-22.24.5
SUSE Linux Enterprise Server 12-LTSS:glibc-devel-32bit-2.19-22.24.5
Ссылки