Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:1562-1

Опубликовано: 06 июн. 2018
Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

  • CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150)
  • CVE-2018-11236: Fix overflow in path length computation (bsc#1094161)
  • CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154)

Non security bugs fixed:

  • Fix crash in resolver on memory allocation failure (bsc#1086690)

Список пакетов

SUSE Enterprise Storage 4
glibc-2.22-62.13.2
glibc-32bit-2.22-62.13.2
glibc-devel-2.22-62.13.2
glibc-devel-32bit-2.22-62.13.2
glibc-html-2.22-62.13.2
glibc-i18ndata-2.22-62.13.2
glibc-info-2.22-62.13.2
glibc-locale-2.22-62.13.2
glibc-locale-32bit-2.22-62.13.2
glibc-profile-2.22-62.13.2
glibc-profile-32bit-2.22-62.13.2
nscd-2.22-62.13.2
SUSE Linux Enterprise Desktop 12 SP3
glibc-2.22-62.13.2
glibc-32bit-2.22-62.13.2
glibc-devel-2.22-62.13.2
glibc-devel-32bit-2.22-62.13.2
glibc-i18ndata-2.22-62.13.2
glibc-locale-2.22-62.13.2
glibc-locale-32bit-2.22-62.13.2
nscd-2.22-62.13.2
SUSE Linux Enterprise Server 12 SP2-LTSS
glibc-2.22-62.13.2
glibc-32bit-2.22-62.13.2
glibc-devel-2.22-62.13.2
glibc-devel-32bit-2.22-62.13.2
glibc-html-2.22-62.13.2
glibc-i18ndata-2.22-62.13.2
glibc-info-2.22-62.13.2
glibc-locale-2.22-62.13.2
glibc-locale-32bit-2.22-62.13.2
glibc-profile-2.22-62.13.2
glibc-profile-32bit-2.22-62.13.2
nscd-2.22-62.13.2
SUSE Linux Enterprise Server 12 SP3
glibc-2.22-62.13.2
glibc-32bit-2.22-62.13.2
glibc-devel-2.22-62.13.2
glibc-devel-32bit-2.22-62.13.2
glibc-html-2.22-62.13.2
glibc-i18ndata-2.22-62.13.2
glibc-info-2.22-62.13.2
glibc-locale-2.22-62.13.2
glibc-locale-32bit-2.22-62.13.2
glibc-profile-2.22-62.13.2
glibc-profile-32bit-2.22-62.13.2
nscd-2.22-62.13.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
glibc-2.22-62.13.2
glibc-32bit-2.22-62.13.2
glibc-devel-2.22-62.13.2
glibc-devel-32bit-2.22-62.13.2
glibc-html-2.22-62.13.2
glibc-i18ndata-2.22-62.13.2
glibc-info-2.22-62.13.2
glibc-locale-2.22-62.13.2
glibc-locale-32bit-2.22-62.13.2
glibc-profile-2.22-62.13.2
glibc-profile-32bit-2.22-62.13.2
nscd-2.22-62.13.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
glibc-2.22-62.13.2
glibc-32bit-2.22-62.13.2
glibc-devel-2.22-62.13.2
glibc-devel-32bit-2.22-62.13.2
glibc-html-2.22-62.13.2
glibc-i18ndata-2.22-62.13.2
glibc-info-2.22-62.13.2
glibc-locale-2.22-62.13.2
glibc-locale-32bit-2.22-62.13.2
glibc-profile-2.22-62.13.2
glibc-profile-32bit-2.22-62.13.2
nscd-2.22-62.13.2
SUSE Linux Enterprise Software Development Kit 12 SP3
glibc-devel-static-2.22-62.13.2
glibc-info-2.22-62.13.2
SUSE OpenStack Cloud 7
glibc-2.22-62.13.2
glibc-32bit-2.22-62.13.2
glibc-devel-2.22-62.13.2
glibc-devel-32bit-2.22-62.13.2
glibc-html-2.22-62.13.2
glibc-i18ndata-2.22-62.13.2
glibc-info-2.22-62.13.2
glibc-locale-2.22-62.13.2
glibc-locale-32bit-2.22-62.13.2
glibc-profile-2.22-62.13.2
glibc-profile-32bit-2.22-62.13.2
nscd-2.22-62.13.2

Ссылки

Описание

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.

Затронутые продукты
SUSE Enterprise Storage 4:glibc-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-32bit-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-devel-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-devel-32bit-2.22-62.13.2
Ссылки

Описание

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Затронутые продукты
SUSE Enterprise Storage 4:glibc-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-32bit-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-devel-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-devel-32bit-2.22-62.13.2
Ссылки

Описание

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Затронутые продукты
SUSE Enterprise Storage 4:glibc-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-32bit-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-devel-2.22-62.13.2
SUSE Enterprise Storage 4:glibc-devel-32bit-2.22-62.13.2
Ссылки
Уязвимость SUSE-SU-2018:1562-1