Description
Security update for glibc
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
- CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).
Non-security issues fixed:
- Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574).
Package list
Container caasp/v4/nginx-ingress-controller:beta1
glibc-2.22-62.22.5
Container suse/sles12sp3:latest
glibc-2.22-62.22.5
SUSE Enterprise Storage 4
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
SUSE Enterprise Storage 5
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
SUSE Linux Enterprise Server 12 SP2-BCL
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
SUSE Linux Enterprise Server 12 SP2-LTSS
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
SUSE Linux Enterprise Server 12 SP3-LTSS
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
SUSE Linux Enterprise Server for SAP Applications 12 SP2
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
SUSE Linux Enterprise Server for SAP Applications 12 SP3
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
SUSE OpenStack Cloud 7
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
SUSE OpenStack Cloud 8
glibc-2.22-62.22.5
glibc-32bit-2.22-62.22.5
glibc-devel-2.22-62.22.5
glibc-devel-32bit-2.22-62.22.5
glibc-html-2.22-62.22.5
glibc-i18ndata-2.22-62.22.5
glibc-info-2.22-62.22.5
glibc-locale-2.22-62.22.5
glibc-locale-32bit-2.22-62.22.5
glibc-profile-2.22-62.22.5
glibc-profile-32bit-2.22-62.22.5
nscd-2.22-62.22.5
References
- Link for SUSE-SU-2019:1958-1
- E-Mail link for SUSE-SU-2019:1958-1
- SUSE Security Ratings
- SUSE Bug 1127223
- SUSE Bug 1127308
- SUSE Bug 1128574
- SUSE CVE CVE-2009-5155 page
- SUSE CVE CVE-2019-9169 page
Description
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Affected products
Container caasp/v4/nginx-ingress-controller:beta1:glibc-2.22-62.22.5
Container suse/sles12sp3:latest:glibc-2.22-62.22.5
SUSE Enterprise Storage 4:glibc-2.22-62.22.5
SUSE Enterprise Storage 4:glibc-32bit-2.22-62.22.5
References
- CVE-2009-5155
- SUSE Bug 1127223
Description
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Affected products
Container caasp/v4/nginx-ingress-controller:beta1:glibc-2.22-62.22.5
Container suse/sles12sp3:latest:glibc-2.22-62.22.5
SUSE Enterprise Storage 4:glibc-2.22-62.22.5
SUSE Enterprise Storage 4:glibc-32bit-2.22-62.22.5
References
- CVE-2019-9169
- SUSE Bug 1127308
- SUSE Bug 1146392