SUSE-SU-2020:0832-1

Опубликовано: 31 мар. 2020

Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631).
CVE-2020-1751: Fixed an array overflow in backtrace for PowerPC (bsc#1158996).
CVE-2020-10029: Fixed a stack buffer overflow during range reduction (bsc#1165784).
Use 'posix_spawn' on popen preventing crash caused by 'subprocess'. (bsc#1149332, BZ #22834)
Fix handling of needles crossing a page, preventing incorrect results to return during the cross page boundary search. (bsc#1157893, BZ #25226)

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

glibc-2.22-100.21.5

Container suse/sles12sp4:latest

glibc-2.22-100.21.5

Container suse/sles12sp5:latest

glibc-2.22-100.21.5

Image SLES12-SP4-Azure-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-EC2-HVM-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-GCE-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-OCI-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-Azure

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-Azure-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-EC2-HVM

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-EC2-HVM-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-GCE

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-GCE-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP4-SAP-OCI-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-Azure-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-Azure-Basic-On-Demand

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-Azure-HPC-BYOS

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-Azure-HPC-On-Demand

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-Azure-SAP-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-Azure-SAP-On-Demand

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-Azure-Standard-On-Demand

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-EC2-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-EC2-ECS-On-Demand

glibc-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-EC2-On-Demand

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-EC2-SAP-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-EC2-SAP-On-Demand

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-GCE-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-GCE-On-Demand

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-GCE-SAP-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-GCE-SAP-On-Demand

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-OCI-BYOS-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

glibc-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-locale-2.22-100.21.5

nscd-2.22-100.21.5

SUSE Linux Enterprise Server 12 SP4

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-devel-32bit-2.22-100.21.5

glibc-html-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-info-2.22-100.21.5

glibc-locale-2.22-100.21.5

glibc-locale-32bit-2.22-100.21.5

glibc-profile-2.22-100.21.5

glibc-profile-32bit-2.22-100.21.5

nscd-2.22-100.21.5

SUSE Linux Enterprise Server 12 SP5

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-devel-32bit-2.22-100.21.5

glibc-html-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-info-2.22-100.21.5

glibc-locale-2.22-100.21.5

glibc-locale-32bit-2.22-100.21.5

glibc-profile-2.22-100.21.5

glibc-profile-32bit-2.22-100.21.5

nscd-2.22-100.21.5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-devel-32bit-2.22-100.21.5

glibc-html-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-info-2.22-100.21.5

glibc-locale-2.22-100.21.5

glibc-locale-32bit-2.22-100.21.5

glibc-profile-2.22-100.21.5

glibc-profile-32bit-2.22-100.21.5

nscd-2.22-100.21.5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

glibc-2.22-100.21.5

glibc-32bit-2.22-100.21.5

glibc-devel-2.22-100.21.5

glibc-devel-32bit-2.22-100.21.5

glibc-html-2.22-100.21.5

glibc-i18ndata-2.22-100.21.5

glibc-info-2.22-100.21.5

glibc-locale-2.22-100.21.5

glibc-locale-32bit-2.22-100.21.5

glibc-profile-2.22-100.21.5

glibc-profile-32bit-2.22-100.21.5

nscd-2.22-100.21.5

SUSE Linux Enterprise Software Development Kit 12 SP4

glibc-devel-static-2.22-100.21.5

glibc-info-2.22-100.21.5

SUSE Linux Enterprise Software Development Kit 12 SP5

glibc-devel-static-2.22-100.21.5

glibc-info-2.22-100.21.5

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200832-1/
Link for SUSE-SU-2020:0832-1
https://lists.suse.com/pipermail/sle-security-updates/2020-March/006655.html
E-Mail link for SUSE-SU-2020:0832-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1149332
SUSE Bug 1149332
https://bugzilla.suse.com/1157893
SUSE Bug 1157893
https://bugzilla.suse.com/1158996
SUSE Bug 1158996
https://bugzilla.suse.com/1165784
SUSE Bug 1165784
https://bugzilla.suse.com/1167631
SUSE Bug 1167631
https://www.suse.com/security/cve/CVE-2020-10029/
SUSE CVE CVE-2020-10029 page
https://www.suse.com/security/cve/CVE-2020-1751/
SUSE CVE CVE-2020-1751 page
https://www.suse.com/security/cve/CVE-2020-1752/
SUSE CVE CVE-2020-1752 page

Описание

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:glibc-2.22-100.21.5

Container suse/sles12sp4:latest:glibc-2.22-100.21.5

Container suse/sles12sp5:latest:glibc-2.22-100.21.5

Image SLES12-SP4-Azure-BYOS:glibc-2.22-100.21.5

Ссылки

https://www.suse.com/security/cve/CVE-2020-10029.html
CVE-2020-10029
https://bugzilla.suse.com/1165784
SUSE Bug 1165784

Описание

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:glibc-2.22-100.21.5

Container suse/sles12sp4:latest:glibc-2.22-100.21.5

Container suse/sles12sp5:latest:glibc-2.22-100.21.5

Image SLES12-SP4-Azure-BYOS:glibc-2.22-100.21.5

Ссылки

https://www.suse.com/security/cve/CVE-2020-1751.html
CVE-2020-1751
https://bugzilla.suse.com/1167630
SUSE Bug 1167630

Описание

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:glibc-2.22-100.21.5

Container suse/sles12sp4:latest:glibc-2.22-100.21.5

Container suse/sles12sp5:latest:glibc-2.22-100.21.5

Image SLES12-SP4-Azure-BYOS:glibc-2.22-100.21.5

Ссылки

https://www.suse.com/security/cve/CVE-2020-1752.html
CVE-2020-1752
https://bugzilla.suse.com/1167631
SUSE Bug 1167631

SUSE-SU-2020:0832-1

Описание

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp4:latest

Container suse/sles12sp5:latest

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2020-10029

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-1751

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-1752

Описание

Затронутые продукты

Ссылки