Description
Security update for glibc
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580).
- CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583).
- CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569).
- CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161).
- CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791).
- CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293).
Package list
SUSE Linux Enterprise Server 12-LTSS
References
- Link for SUSE-SU-2018:2187-1
- E-Mail link for SUSE-SU-2018:2187-1
- SUSE Security Ratings
- SUSE Bug 1051791
- SUSE Bug 1064569
- SUSE Bug 1064580
- SUSE Bug 1064583
- SUSE Bug 1074293
- SUSE Bug 1094161
- SUSE CVE CVE-2017-12132 page
- SUSE CVE CVE-2017-15670 page
- SUSE CVE CVE-2017-15671 page
- SUSE CVE CVE-2017-15804 page
- SUSE CVE CVE-2018-1000001 page
- SUSE CVE CVE-2018-11236 page
Description
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
Affected products
References
- CVE-2017-12132
- SUSE Bug 1051791
- SUSE Bug 1123874
Description
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
Affected products
References
- CVE-2017-15670
- SUSE Bug 1064583
- SUSE Bug 1110160
- SUSE Bug 1123874
Description
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
Affected products
References
- CVE-2017-15671
- SUSE Bug 1064569
- SUSE Bug 1123874
Description
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
Affected products
References
- CVE-2017-15804
- SUSE Bug 1064580
- SUSE Bug 1110160
- SUSE Bug 1123874
Description
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Affected products
References
- CVE-2018-1000001
- SUSE Bug 1074293
- SUSE Bug 1099047
- SUSE Bug 1123874
Description
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Affected products
References
- CVE-2018-11236
- SUSE Bug 1094161
- SUSE Bug 1110160
- SUSE Bug 1118435
- SUSE Bug 1123874