Description
Security update for glibc
This update for glibc fixes the following security issues:
- CVE-2017-15670: Prevent off-by-one error that led to a heap-based buffer overflow in the glob function, related to the processing of home directories using the ~ operator followed by a long string (bsc#1064583)
- CVE-2017-15804: The glob function contained a buffer overflow during unescaping of user names with the ~ operator (bsc#1064580)
- CVE-2015-5180: res_query in libresolv allowed remote attackers to cause a denial of service (NULL pointer dereference and process crash) (bsc#941234).
This non-security issue was fixed:
- Fix inaccuracies in casin, cacos, casinh, cacosh (bsc#1058774)
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
glibc-2.11.3-17.110.19.2
glibc-devel-2.11.3-17.110.19.2
glibc-html-2.11.3-17.110.19.2
glibc-i18ndata-2.11.3-17.110.19.2
glibc-info-2.11.3-17.110.19.2
glibc-locale-2.11.3-17.110.19.2
glibc-profile-2.11.3-17.110.19.2
nscd-2.11.3-17.110.19.2
SUSE Linux Enterprise Server 11 SP3-LTSS
glibc-2.11.3-17.110.19.2
glibc-32bit-2.11.3-17.110.19.2
glibc-devel-2.11.3-17.110.19.2
glibc-devel-32bit-2.11.3-17.110.19.2
glibc-html-2.11.3-17.110.19.2
glibc-i18ndata-2.11.3-17.110.19.2
glibc-info-2.11.3-17.110.19.2
glibc-locale-2.11.3-17.110.19.2
glibc-locale-32bit-2.11.3-17.110.19.2
glibc-profile-2.11.3-17.110.19.2
glibc-profile-32bit-2.11.3-17.110.19.2
nscd-2.11.3-17.110.19.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
glibc-2.11.3-17.110.19.2
glibc-32bit-2.11.3-17.110.19.2
glibc-devel-2.11.3-17.110.19.2
glibc-devel-32bit-2.11.3-17.110.19.2
glibc-html-2.11.3-17.110.19.2
glibc-i18ndata-2.11.3-17.110.19.2
glibc-info-2.11.3-17.110.19.2
glibc-locale-2.11.3-17.110.19.2
glibc-locale-32bit-2.11.3-17.110.19.2
glibc-profile-2.11.3-17.110.19.2
glibc-profile-32bit-2.11.3-17.110.19.2
nscd-2.11.3-17.110.19.2
SUSE Linux Enterprise Server 11 SP4
glibc-2.11.3-17.110.19.2
glibc-32bit-2.11.3-17.110.19.2
glibc-devel-2.11.3-17.110.19.2
glibc-devel-32bit-2.11.3-17.110.19.2
glibc-html-2.11.3-17.110.19.2
glibc-i18ndata-2.11.3-17.110.19.2
glibc-info-2.11.3-17.110.19.2
glibc-locale-2.11.3-17.110.19.2
glibc-locale-32bit-2.11.3-17.110.19.2
glibc-locale-x86-2.11.3-17.110.19.2
glibc-profile-2.11.3-17.110.19.2
glibc-profile-32bit-2.11.3-17.110.19.2
glibc-profile-x86-2.11.3-17.110.19.2
glibc-x86-2.11.3-17.110.19.2
nscd-2.11.3-17.110.19.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
glibc-2.11.3-17.110.19.2
glibc-32bit-2.11.3-17.110.19.2
glibc-devel-2.11.3-17.110.19.2
glibc-devel-32bit-2.11.3-17.110.19.2
glibc-html-2.11.3-17.110.19.2
glibc-i18ndata-2.11.3-17.110.19.2
glibc-info-2.11.3-17.110.19.2
glibc-locale-2.11.3-17.110.19.2
glibc-locale-32bit-2.11.3-17.110.19.2
glibc-locale-x86-2.11.3-17.110.19.2
glibc-profile-2.11.3-17.110.19.2
glibc-profile-32bit-2.11.3-17.110.19.2
glibc-profile-x86-2.11.3-17.110.19.2
glibc-x86-2.11.3-17.110.19.2
nscd-2.11.3-17.110.19.2
SUSE Linux Enterprise Software Development Kit 11 SP4
glibc-html-2.11.3-17.110.19.2
glibc-info-2.11.3-17.110.19.2
References
- Link for SUSE-SU-2018:2883-1
- E-Mail link for SUSE-SU-2018:2883-1
- SUSE Security Ratings
- SUSE Bug 1058774
- SUSE Bug 1064580
- SUSE Bug 1064583
- SUSE Bug 941234
- SUSE CVE CVE-2015-5180 page
- SUSE CVE CVE-2017-15670 page
- SUSE CVE CVE-2017-15804 page
Description
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-devel-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-html-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-i18ndata-2.11.3-17.110.19.2
References
- CVE-2015-5180
- SUSE Bug 1123874
- SUSE Bug 1215582
- SUSE Bug 941234
Description
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-devel-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-html-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-i18ndata-2.11.3-17.110.19.2
References
- CVE-2017-15670
- SUSE Bug 1064583
- SUSE Bug 1110160
- SUSE Bug 1123874
Description
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-devel-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-html-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11 SP3:glibc-i18ndata-2.11.3-17.110.19.2
References
- CVE-2017-15804
- SUSE Bug 1064580
- SUSE Bug 1110160
- SUSE Bug 1123874